Bug 1301901
Summary: | [RFE] compat tree: show AD members of IPA groups
---|---
Product: | Red Hat Enterprise Linux 7
Reporter: | Martin Kosek <mkosek>
Component: | ipa
Assignee: | Alexander Bokovoy <abokovoy>
Status: | CLOSED ERRATA
QA Contact: | Namita Soman <nsoman>
Severity: | urgent
Priority: | urgent
Version: | 7.3
CC: | abokovoy, bobby.prins, dpal, ekeck, enewland, jbaird, jcholast, ksiddiqu, mkosek, mvarun, nsoman, pvoborni, rcritten, wdh
Target Milestone: | rc
Keywords: | FutureFeature, ZStream
Hardware: | All
OS: | Linux
Fixed In Version: | ipa-4.2.0-16.el7
Doc Type: | Enhancement
Clone Of: | 1138797
: | 1311502
Last Closed: | 2016-11-04 05:50:45 UTC
Bug Depends On: | 1138797
Bug Blocks: | 1298288, 1311502

Description
Martin Kosek
2016-01-26 10:14:58 UTC
This RFE is about an update to slapi-nis configuration, managed by IdM Server. Alexander would provide the slapi-nis configuration update, as required by Bug 1138797.

Created attachment 1129855
Upstream patch

Fixed upstream, but the patch was not pushed yet: https://www.redhat.com/archives/freeipa-devel/2016-February/msg00163.html

Sorry, Jan, but for the purpose of this release please use slapi-nis >= 0.54-7.

No need to apologize, I already know that. The attached patch is the upstream patch, as the description says.

Fixed upstream

ipa-4-3:
https://fedorahosted.org/freeipa/changeset/eb187e9a26d9baf597f7e5230c01c0084685e061
https://fedorahosted.org/freeipa/changeset/5e2c6b0f630300e20c11595e67c61e7eb3982aae

master:
https://fedorahosted.org/freeipa/changeset/1353847e49a1cde078bb9b432cc43959b7a3ce46
https://fedorahosted.org/freeipa/changeset/271086ebdd10b2229534220d830d1cbd5af6a352

ipa-4-2:
https://fedorahosted.org/freeipa/changeset/fea62ea71ec9a614f17888f26f67bd2bca425532
https://fedorahosted.org/freeipa/changeset/dbea05e1578e2d6d80940f1d4289ecd98a0593ab

Verified

```
[root@host108 ~]# rpm -qa ipa-server sssd
ipa-server-4.4.0-7.el7.x86_64
sssd-1.14.0-18.el7.x86_64
```

1. Created Global Security Group added members from parent domain.

```
[root@host108 ~]# getent group adgroup1
adgroup1:*:175001105:aduser1,aduser2
```

2. Created Universal Security Group and added members from parent

```
[root@host108 ~]# getent group adunigroup1
adunigroup1:*:175001107:aduser1,aduser3,aduser1.test
```

3. Created Global Security Group added members from child domain.

```
[root@host108 ~]# getent group adgroup2.test
adgroup2.test:*:1393601108:aduser1.test,aduser0.test
```

4. Created Universal Security Group and added members from child domain.

```
[root@host108 ~]# getent group adunigroup2.test
adunigroup2.test:*:1393603033:aduser0.test,aduser2.test,aduser3
```

5. After removing user from group, found that getent group is also updated.

a) After removing aduser1.test from adunigroup1 group

```
[root@host108 ~]# getent group adunigroup1
adunigroup1:*:175001107:aduser1,aduser3
```

b) After removing aduser3 from adunigroup2.test group

```
[root@host108 ~]# getent group adunigroup2.test
adunigroup2.test:*:1393603033:aduser0.test,aduser2.test
[root@host108 ~]#
```

6. External Group

```
[root@host108 ~]# ipa group-add --external ext_ad_administrators --desc "IPAAD2008R2.TEST\Administrators"
-----------------------------------
Added group "ext_ad_administrators"
-----------------------------------
Group name: ext_ad_administrators
Description: IPAAD2008R2.TEST\Administrators
[root@host108 ~]# ipa group-add-member ext_ad_administrators --external "IPAAD2008R2\Domain Admins"
[member user]:
[member group]:
Group name: ext_ad_administrators
Description: IPAAD2008R2.TEST\Administrators
External member: S-1-5-21-1765444267-4284514389-3232425237-512
-------------------------
Number of members added 1
-------------------------
[root@host108 ~]# ipa group-add ad_administrators
-------------------------------
Added group "ad_administrators"
-------------------------------
Group name: ad_administrators
GID: 1657800007
[root@host108 ~]# ipa group-add-member ad_administrators --group ext_ad_administrators
Group name: ad_administrators
GID: 1657800007
Member groups: ext_ad_administrators
-------------------------
Number of members added 1
-------------------------
[root@host108 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop sssd.service
Redirecting to /bin/systemctl start sssd.service
[root@host108 ~]# getent group ad_administrators
ad_administrators:*:1657800007:administrator
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html