Bug 1217127
Summary: | Override for IPA users with login does not list user all groups | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Sumit Bose <sbose> |
Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 7.1 | CC: | grajaiya, jgalipea, jhrozek, kbanerje, lslebodn, mkosek, mzidek, nsoman, pbrezina, preichl, sgoveas, sssd-maint, sumenon |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.13.0-0.1.alpha.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | 1215195 | Environment: | |
Last Closed: | 2015-11-19 11:38:24 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1215195 | ||
Bug Blocks: |
Comment 1
Jakub Hrozek
2015-04-29 15:43:38 UTC
master: 0f9c28eb52d2b45c8a97f709308dc11377831b8c 35b178d02dfd293778aefbc0b465a5a3a4b6cd8f sssd-1-12: 3b00bcd8b6d53d33207005c4e7a631b6a241d300 a4a447b7bf394ded65c8ae872832e7cd135425d1 Verified using RHEL7.2 sssd-1.13.0-35.el7.x86_64 ipa-server-trust-ad-4.2.0-12.el7.x86_64 ipa-server-4.2.0-12.el7.x86_64 ipa-server-dns-4.2.0-12.el7.x86_64 Observation: When ipa user override is added with a new login name, id command does list all its groups [root@ipa01 ~]# ipa user-show ipauser1 User login: ipauser1 First name: f Last name: l Home directory: /home/ipauser1 Login shell: /bin/sh Email address: ipauser1 UID: 653800010 GID: 653800010 Account disabled: False Password: False Member of groups: grp2, grp1, ipausers Kerberos keys available: False [root@ipa01 ~]# ipa idview-add ID View Name: hostview ------------------------ Added ID View "hostview" ------------------------ ID View Name: hostview [root@ipa01 ~]# ipa idoverrideuser-add hostview ipauser1 --login useripa1 --------------------------------- Added User ID override "ipauser1" --------------------------------- Anchor to override: ipauser1 User login: useripa1 service sssd stop ; rm -fr /var/lib/sss/{db,mc}/* ; service sssd start [root@ipa01 ~]# ipa idview-apply hostview --hosts ipaclient02.labs01.test -------------------------- Applied ID View "hostview" -------------------------- hosts: ipaclient02.labs01.test --------------------------------------------- Number of hosts the ID View was applied to: 1 --------------------------------------------- [root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service [root@ipaclient02 ~]# id ipauser1 uid=653800010(useripa1) gid=653800010(ipauser1) groups=653800010(ipauser1),653800012(grp2),653800011(grp1) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-2355.html |