Bug 1329647

Summary: IPA view: view name not stored properly with default FreeIPA installation
Product: Red Hat Enterprise Linux 6 Reporter: Jakub Hrozek <jhrozek>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: Steeve Goveas <sgoveas>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.8CC: grajaiya, jhrozek, ksiddiqu, lslebodn, mkosek, mzidek, pbrezina, sgoveas, sssd-maint, sumenon
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.13.3-39.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1312276 Environment:
Last Closed: 2017-03-21 09:55:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1312276, 1329648    
Bug Blocks:    
Attachments:
Description Flags
idviews verification done for IPA user or group none

Description Jakub Hrozek 2016-04-22 13:07:02 UTC 
+++ This bug was initially created as a clone of Bug #1312276 +++

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2960

If the idview feature of FreeIPA is use with running ipa-adtrust-install on the server, i.e. after a default installation, SSSD cannot save the applied view name to the cache and only returns the default view for IPA users and groups.

This issue was reported originally in https://www.redhat.com/archives/freeipa-users/2016-February/msg00148.html

--- Additional comment from Jakub Hrozek on 2016-02-26 06:07:46 EST ---

Fixed upstream:
    master:
        b5d48539966aefbea703377ba2ebcb67f9cf88b8
        b25d33b0a775e2337014a334699156ac56b08f9b 
    sssd-1-13:
        022e4575980324c2c68a05b3f250bd1a72bc9885
        1d4d3f15b5cb9b9ffad521ddea0b1e3660587816

--- Additional comment from Jakub Hrozek on 2016-03-02 04:30:58 EST ---

To test, please make sure that id views work correctly even for IPA users on a server that does not have a trust relationship established towards an AD domain.

--- Additional comment from Mike McCune on 2016-03-28 19:37:25 EDT ---

This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions

--- Additional comment from Lukas Slebodnik on 2016-04-19 07:29:02 EDT ---

Upstream ticket:
https://fedorahosted.org/sssd/ticket/2993
Comment 1 Jakub Hrozek 2016-04-22 13:08:16 UTC 
    master:
        b5d48539966aefbea703377ba2ebcb67f9cf88b8
        b25d33b0a775e2337014a334699156ac56b08f9b 
    sssd-1-13:
        022e4575980324c2c68a05b3f250bd1a72bc9885
        1d4d3f15b5cb9b9ffad521ddea0b1e3660587816
Comment 2 Jakub Hrozek 2016-04-22 13:10:31 UTC 
Please note that if this bug is fixed, bug #1329648 must be fixed as well.
Comment 4 Jakub Hrozek 2016-04-22 17:03:33 UTC 
Additional fix:
    master: 57d8b4b9254442a568838cb60ea16068965f2df0
    sssd-1-13: e5fbaf42f87725e42a40e542c06d5f4cdf4c52c2
Comment 6 Jakub Hrozek 2016-10-05 19:03:10 UTC 
To test, please make sure that id views work correctly even for IPA users on a server that does not have a trust relationship established towards an AD domain.
Comment 10 Sudhir Menon 2016-11-26 19:35:38 UTC 
idviews works fine with ipauser as well.
Verified using RHEL73 server and RHEL6.9 IPA client.

ipa-server-4.4.0-14.el7_3.x86_64
sssd-1.14.0-43.el7_3.9.x86_64

ipa-client-3.0.0-51.el6.x86_64
sssd-1.13.3-46.el6.x86_64

Attaching the steps for verification
Comment 11 Sudhir Menon 2016-11-26 19:36:40 UTC 
Created attachment 1224645 [details]
idviews verification done for IPA user or group
Comment 13 errata-xmlrpc 2017-03-21 09:55:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0632.html