Bug 1404770

Summary: ID Views: do not allow custom Views for the masters
Product: Red Hat Enterprise Linux 7 Reporter: Thorsten Scherf <tscherf>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Kaleem <ksiddiqu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: apetrova, cheimes, frenaud, mkosek, pasik, pcech, pvoborni, rcritten, sorlov, ssidhaye
Target Milestone: rcKeywords: TestCaseProvided
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.6.6-12.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1405014 (view as bug list) Environment:
Last Closed: 2020-09-29 19:58:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1405014    

Description Thorsten Scherf 2016-12-14 15:31:21 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/5662

The FreeIPA server itself only supports the default ID View, it does not work with customized views for host groups.

The Web UI/CLI should be extended with a validation, to forbid adding FreeIPA servers to the unsupported views. The validator would avoid user confusion when the custom ID View is not working.
Comment 1 Martin Kosek 2016-12-15 11:19:41 UTC 
Could we solve this also by admonition to
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/id-views-different.html
and mentioned that ID View cannot be applied to IPA servers? I am not sure it is mentioned somewhere.
Comment 2 Aneta Šteflová Petrová 2016-12-15 11:54:07 UTC 
(In reply to Martin Kosek from comment #1)
> Could we solve this also by admonition to
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/
> html/Linux_Domain_Identity_Authentication_and_Policy_Guide/id-views-
> different.html
> and mentioned that ID View cannot be applied to IPA servers? I am not sure
> it is mentioned somewhere.

Sure, I cloned this BZ to create doc BZ#1405014.
Comment 6 Christian Heimes 2020-03-19 09:56:07 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/e08f7a9ef3df3c345b4c066f974608ad32b57571
https://pagure.io/freeipa/c/20d601e9c389405f75c78bfb010883f3f23bbdd5
Comment 7 Christian Heimes 2020-03-19 11:43:41 UTC 
Fixed upstream
ipa-4-6:
https://pagure.io/freeipa/c/0d62f3de06520282c9656e13ca07e503f1d48c59
https://pagure.io/freeipa/c/e946b879750d0b316b25902f15b7f5a0a078012e
ipa-4-7:
https://pagure.io/freeipa/c/e9bf4edbee28ea28d9d0a0ead834773c46861c4c
https://pagure.io/freeipa/c/454168fadd19e0b613e76266ca62157bf2befe67
Comment 8 Florence Blanc-Renaud 2020-03-19 11:49:34 UTC 
Test case provided in ipatests/test_integration/test_idviews.py, hence adding TestCaseProvided keyword.
Comment 9 Florence Blanc-Renaud 2020-03-19 15:33:23 UTC 
Fixed upstream
ipa-4-8:
https://pagure.io/freeipa/c/7905891341197cb90faf635cf93ce63ae7a7a38b
https://pagure.io/freeipa/c/c37a84628601d369f83546085b7e29be8fe11a59
Comment 12 Sergey Orlov 2020-04-17 10:58:51 UTC 
Fix verified on RHEL7.9 with compose RHEL-7.9-20200407.0

ipa-server-4.6.8-1.el7.x86_64

Using upstream automated test:
test_xmlrpc/test_idviews_plugin.py::test_idviews::test_command[0042: idview_apply: Apply idview1 to master.testrelm.test] PASSED [ 49%]
test_xmlrpc/test_idviews_plugin.py::test_idviews::test_command[0043: idview_apply: Apply idview1 to ipaservers] PASSED [ 49%]
Comment 14 errata-xmlrpc 2020-09-29 19:58:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: ipa security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3936