Bug 1195607
| Summary: | Deleteing an external AD user-group should disassociate the users from the user-group associated | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Kedar Bidarkar <kbidarka> |
| Component: | Hammer | Assignee: | Marek Hulan <mhulan> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Kedar Bidarkar <kbidarka> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.1.0 | CC: | bbuckingham, bkearney |
| Target Milestone: | Unspecified | ||
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://projects.theforeman.org/issues/9878 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-08-12 13:56:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Kedar Bidarkar
2015-02-24 07:49:10 UTC
NOTE: foobar is the user from AD which also belongs to user-group foobargroup in AD.
[root@xyzabc ~]# hammer -u admin -p changeme user-group info --id 1
Id: 1
Name: katello
Users:
foobar
User groups:
External user groups:
Roles:
View hosts
Created at: 2015/03/02 08:35:24
Updated at: 2015/03/02 08:35:24
As seen in comment 3, though the external user groups appears empty after it's removed, the user is still associated with the 'katello' user-group. As seen it's still able to perform the Roles of 'view hosts', which I feel is a bug. Cron-job getting run, foreman-rake command running and users logging in **makes no difference**, as I see the issue even after: a) cron-job getting run after the "Admin deletes link between 'bar' and 'foo'" b) the admin running "foreman-rake ldap:refresh_usergroups" on sat6 c) the users have logged in, they still can access the pages as per the roles. NOTE: I have tried this with latest sat6.1 snap4. We need to fix this for satellite6.1. Created redmine issue http://projects.theforeman.org/issues/9878 from this bug when comparing it with comment 3, the user "foobar" is no longer associated with the user-group "katello". [root@xyzabc ~]# hammer -u admin -p changeme user-group external delete --id 1 --user-group-id 1 External user group deleted [root@xyzabc ~]# hammer -u admin -p changeme user-group info --id 1 Id: 1 Name: katello Users: User groups: External user groups: Roles: Viewer View hosts Tasks Reader Tasks Manager Site manager Red Hat Access Logs Manager Edit partition tables Edit hosts Discovery Reader Discovery Manager Boot disk access Created at: 2015/05/05 22:17:01 Updated at: 2015/05/05 22:17:01 ------------------------------------------- [root@xyzabc ~]# hammer -u admin -p changeme user info --id 4 Id: 4 Login: foobar Name: foobar Email: foobar Admin: no Authorized by: Last login: 2015/05/05 22:26:54 Default organization: Default Organization Default location: Default Location Roles: Anonymous User groups: Locations: Default Location Organizations: Default Organization Created at: 2015/05/05 22:18:41 Updated at: 2015/05/05 22:26:54 VERIFIED with sat6.1-GA-SNAP2 This bug is slated to be released with Satellite 6.1. This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015. |