Bug 1211595
| Summary: | [RFE] add admins group, ipa masters hostgroup, ssh HBAC rule | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Petr Vobornik <pvoborni> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
| Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
| Priority: | medium | ||
| Version: | 7.1 | CC: | ipa-maint, ksiddiqu, mbasti, mkosek, ndehadra, rcritten |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.4.0-1.el7 | Doc Type: | Enhancement |
| Doc Text: |
IdM now enables the `admin` group and `ipaservers` host group
Identity Management (IdM) now introduces two new groups:
* User group `admins` - Members have full administrative permissions in IdM.
* Host group `ipaservers` - Hosts in this group can be promoted to a replica by users without full administrative permissions. All IdM servers are members of this group.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-04 05:45:18 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Petr Vobornik
2015-04-14 12:08:19 UTC
The required functionality for replica promotion was implemented upstream in * a8d7ce5cf1ccd6c8a81fa5b4569afa3aa3c2882d aci: add IPA servers host group 'ipaservers' * 7b9a97383ce4090d30e624fc8b7263d6c5f1b823 aci: replace per-server ACIs with ipaserver-based ACIs * 8f36a5bd68140fdd338d9c738977a6c67fdfdf08 replica install: add ipaservers if it does not exist HBAC rule was not implemented and is not needed for replica promotion. This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions copying comment: https://fedorahosted.org/freeipa/ticket/3416#comment:14 admins user group and ipaservers host group exist now(4.3). Therefore moving this ticket to 4.3 as fixed. For the hbac rule part, if anybody wants it, please open a new RFE ticket. this bz was part of rebase Please provide steps to verify this. IPA-server version: ipa-server-4.4.0-12.el7.x86_64 Tested the bug on the basis of following steps: 1. Noticed that new user group 'admin' is now available for latest version of IPA server. 2. Noticed that new hostgroup "ipaservers" is now available for latest version of IPA server. 3. Noticed that Master/ replica automatically become part of it after upgrade or on fresh install of ipa-server/replica. 4. Noticed that new users can be manually added to 'admins' group. 5. Noticed that new host can be manually added to 'ipaservers' group. 6. As for the hbacrule observation (HBAC rule is not implemented) in above comment#2 and #4, it will be handled separately. Thus on the basis of above observations, marking the status of bug to "VERIFIED". Bug is verified needinfo is not needed, I was contacted personally. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |