Bug 1217127

Summary: Override for IPA users with login does not list user all groups
Product: Red Hat Enterprise Linux 7 Reporter: Sumit Bose <sbose>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.1CC: grajaiya, jgalipea, jhrozek, kbanerje, lslebodn, mkosek, mzidek, nsoman, pbrezina, preichl, sgoveas, sssd-maint, sumenon
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: sssd-1.13.0-0.1.alpha.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1215195 Environment:
Last Closed: 2015-11-19 11:38:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1215195    
Bug Blocks:    

Comment 1 Jakub Hrozek 2015-04-29 15:43:38 UTC
Upstream ticket:

Comment 2 Jakub Hrozek 2015-05-06 08:55:40 UTC

Comment 4 Sudhir Menon 2015-09-30 12:57:42 UTC
Verified using RHEL7.2


Observation: When ipa user override is added with a new login name, id command does list all its groups

[root@ipa01 ~]# ipa user-show ipauser1
  User login: ipauser1
  First name: f
  Last name: l
  Home directory: /home/ipauser1
  Login shell: /bin/sh
  Email address: ipauser1@labs01.test
  UID: 653800010
  GID: 653800010
  Account disabled: False
  Password: False
  Member of groups: grp2, grp1, ipausers
  Kerberos keys available: False

[root@ipa01 ~]# ipa idview-add
ID View Name: hostview
Added ID View "hostview"
  ID View Name: hostview
[root@ipa01 ~]# ipa idoverrideuser-add hostview ipauser1 --login useripa1
Added User ID override "ipauser1"
  Anchor to override: ipauser1
  User login: useripa1

service sssd stop ; rm -fr /var/lib/sss/{db,mc}/* ; service sssd start

[root@ipa01 ~]# ipa idview-apply hostview --hosts ipaclient02.labs01.test
Applied ID View "hostview"
  hosts: ipaclient02.labs01.test
Number of hosts the ID View was applied to: 1

[root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@ipaclient02 ~]# id ipauser1
uid=653800010(useripa1) gid=653800010(ipauser1) groups=653800010(ipauser1),653800012(grp2),653800011(grp1)

Comment 5 errata-xmlrpc 2015-11-19 11:38:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.