Bug 1265915
Summary: | idoverrideuser-find fails if any SID anchor is not resolvable anymore | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Sudhir Menon <sumenon> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.2 | CC: | ksiddiqu, mkosek, pvoborni, rcritten |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.4.0-0.el7.1.alpha1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-04 05:46:53 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sudhir Menon
2015-09-24 07:22:57 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5322 The "Default Trust View" should not be removed after the trust is deleted. However, the failure of idoverrideuser-find is a legitimate one, it should be able to cope with SIDs that are no longer resolvable. master: 4c2276f7ec9a049ea9088030b23badecd88c73e4 idoverride: Ignore ValidationErrors when converting the anchor eaeb40328cf80f615684ffc692b9416e1c08d544 tests: Add tests for idoverride object integrity ipa-4-2: 52680a1a08a040b99e1a843126f5588e14237691 idoverride: Ignore ValidationErrors when converting the anchor cc085d240dc4c6a02ef39752043059c1d35b591a tests: Add tests for idoverride object integrity This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions Default Trust View is not removed. Also the SID's are also handled which are no longer resolvable. Fix is seen in ipa-server-4.4.0-2.1.el7.x86_64 [root@server ~]# ipa idoverrideuser-find ID View Name: Default Trust View --------------------------- 5 User ID overrides matched --------------------------- Anchor to override: user1 User login: user1 UID: 1081400003 GECOS: user1 GID: 1081400003 Login shell: /bin/sh Anchor to override: user2 User login: user2 UID: 1081400001 GECOS: user2 GID: 1081400001 Login shell: /bin/sh Anchor to override: user3 User login: user3 UID: 1081400004 GECOS: user3 GID: 1081400004 Login shell: /bin/sh Anchor to override: user4 User login: user4 UID: 1081400005 GECOS: t GID: 1081400005 Login shell: /bin/sh Anchor to override: user5 User login: user5 UID: 1081400006 GECOS: user5 GID: 1081400006 Login shell: /bin/sh ---------------------------- Number of entries returned 5 ---------------------------- [root@server ~]# ipa trust-del pne.qe ---------------------- Deleted trust "pne.qe" ---------------------- [root@server ~]# ipa idoverrideuser-find 'Default Trust View' --------------------------- 5 User ID overrides matched --------------------------- Anchor to override: :SID:S-1-5-21-3912719521-1967590360-1136226524-1403 User login: user1 UID: 1081400003 GECOS: user1 GID: 1081400003 Login shell: /bin/sh Anchor to override: :SID:S-1-5-21-3912719521-1967590360-1136226524-1405 User login: user2 UID: 1081400001 GECOS: user2 GID: 1081400001 Login shell: /bin/sh Anchor to override: :SID:S-1-5-21-3912719521-1967590360-1136226524-1413 User login: user3 UID: 1081400004 GECOS: user3 GID: 1081400004 Login shell: /bin/sh Anchor to override: :SID:S-1-5-21-3912719521-1967590360-1136226524-1415 User login: user4 UID: 1081400005 GECOS: t GID: 1081400005 Login shell: /bin/sh Anchor to override: :SID:S-1-5-21-3912719521-1967590360-1136226524-1419 User login: user5 UID: 1081400006 GECOS: user5 GID: 1081400006 Login shell: /bin/sh ---------------------------- Number of entries returned 5 ---------------------------- Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |