Bug 1809835
Summary: | RFE: ipa group-add-member: number of failed should also be emphasized | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Ding-Yi Chen <dchen> | |
Component: | ipa | Assignee: | Florence Blanc-Renaud <frenaud> | |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> | |
Severity: | medium | Docs Contact: | ||
Priority: | unspecified | |||
Version: | --- | CC: | abokovoy, cheimes, ksiddiqu, mvarun, pasik, rcritten, tscherf, twoerner | |
Target Milestone: | rc | Keywords: | FutureFeature, TestCaseProvided | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | ipa-4.8.7-1.el8 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1817886 | Environment: | |
Last Closed: | 2020-11-04 02:50:15 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1817886 |
Description
Ding-Yi Chen
2020-03-04 01:41:27 UTC
Thank you for taking your time and submitting this request for Red Hat Enterprise Linux 7. Unfortunately, this RFE cannot be kept even as a stretch goal and was moved to RHEL8 for proper evaluation.

I have added a rejection validator for external members of external groups if they belong to IPA domain in this pull request upstream: https://github.com/freeipa/freeipa/pull/4374

With this change, the behavior would be the following for both users and groups from IPA when they are added to an external group as external members:

```
# ipa group-add-member extgrp --external admin
[member user]:
[member group]:
[member service]:
  Group name: extgrp
  External member: S-1-5-21-3005052257-2375221410-442149667-1361, S-1-5-21-3005052257-2375221410-442149667-1380
  Failed members:
    member user:
    member group: admin: invalid 'trusted domain object': Object does not belong to a trusted domain
    member service:
-------------------------
Number of members added 0
-------------------------

# ipa group-add-member extgrp --external admins
[member user]:
[member group]:
[member service]:
  Group name: extgrp
  External member: S-1-5-21-3005052257-2375221410-442149667-1361, S-1-5-21-3005052257-2375221410-442149667-1380
  Failed members:
    member user:
    member group: admins: invalid 'trusted domain object': Object does not belong to a trusted domain
    member service:
-------------------------
Number of members added 0
-------------------------
```

Is this enough?
Fixed upstream
master: https://pagure.io/freeipa/c/2997a74abcfdb0ad1c0b5356949e557c3b624d3c

test added upstream in ipatests/test_integration/test_sssd.py::TestSSSDWithAdTrust::test_external_group_member_mismatch

Fixed upstream
ipa-4-8: https://pagure.io/freeipa/c/127b8d9cf23bf65aa42e6ee9ed8d7f8628bbac19
ipa-4-7: https://pagure.io/freeipa/c/5a2f27fe036d61415a128b650d6750e2c2048b4b
ipa-4-6: https://pagure.io/freeipa/c/c14e385141ea05f2709364b6f0fca844578a7652

an additional test case fix

Fixed upstream
master: https://pagure.io/freeipa/c/c1c45df4b25ea2a96a2b5fe59e3d7edf4303c04e
ipa-4-6: https://pagure.io/freeipa/c/bce50976ca5363e2097171b36a0d9a5df652a988
https://pagure.io/freeipa/c/7b9cdfb2556bd290d5f18b0680a1cf907b4dff0c

Looks good to me.

Verified

ipa-server version: 4.8.7

ipa-server-4.8.7-4.module+el8.3.0+7221+eedbd403.x86_64
sssd-ipa-2.3.0-4.el8.x86_64

Automated test logs of ipatests/test_integration/test_sssd.py

Tested in permissive mode: http://idm-artifacts.usersys.redhat.com/trigger-test-suite-ext/master/61/trigger/report.html.gz

Known issue: https://bugzilla.redhat.com/show_bug.cgi?id=1845596

```
========================================== test_external_group_member_mismatch[ipa] ==========================================
------------------------------ Captured log call -------------------------------
transport.py 415 INFO STAT /bin/systemctl
transport.py 513 DEBUG RUN ['ls', '/bin/systemctl']
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['systemctl', 'stop', 'sssd']
transport.py 513 DEBUG RUN ['systemctl', 'stop', 'sssd']
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv
transport.py 513 DEBUG RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv
transport.py 558 DEBUG removed '/var/lib/sss/db/config.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/sssd.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/cache_implicit_files.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/timestamps_implicit_files.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/cache_testrelm.test.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/timestamps_testrelm.test.ldb'
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['rm', '-fv', '/var/lib/sss/mc/group']
transport.py 513 DEBUG RUN ['rm', '-fv', '/var/lib/sss/mc/group']
transport.py 558 DEBUG removed '/var/lib/sss/mc/group'
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['rm', '-fv', '/var/lib/sss/mc/passwd']
transport.py 513 DEBUG RUN ['rm', '-fv', '/var/lib/sss/mc/passwd']
transport.py 558 DEBUG removed '/var/lib/sss/mc/passwd'
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['systemctl', 'start', 'sssd']
transport.py 513 DEBUG RUN ['systemctl', 'start', 'sssd']
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin:
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['ipa', 'group-add', '--external', 'ext-ipatest']
transport.py 513 DEBUG RUN ['ipa', 'group-add', '--external', 'ext-ipatest']
transport.py 558 DEBUG -------------------------
transport.py 558 DEBUG Added group "ext-ipatest"
transport.py 558 DEBUG -------------------------
transport.py 558 DEBUG Group name: ext-ipatest
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['ipa', '-n', 'group-add-member', 'ext-ipatest', '--external', 'user1']
transport.py 513 DEBUG RUN ['ipa', '-n', 'group-add-member', 'ext-ipatest', '--external', 'user1']
transport.py 558 DEBUG Group name: ext-ipatest
transport.py 558 DEBUG Failed members:
transport.py 558 DEBUG member user:
transport.py 558 DEBUG member group: user1: invalid 'trusted domain object': Ambiguous search, user domain was not specified
transport.py 558 DEBUG member service:
transport.py 558 DEBUG member User ID override:
transport.py 558 DEBUG -------------------------
transport.py 558 DEBUG Number of members added 0
transport.py 558 DEBUG -------------------------
transport.py 217 DEBUG Exit code: 1
host.py 199 ERROR stderr:
transport.py 391 INFO RUN ['ipa', 'group-del', 'ext-ipatest']
transport.py 513 DEBUG RUN ['ipa', 'group-del', 'ext-ipatest']
transport.py 558 DEBUG ---------------------------
transport.py 558 DEBUG Deleted group "ext-ipatest"
transport.py 558 DEBUG ---------------------------
transport.py 217 DEBUG Exit code: 0
======================================= test_external_group_member_mismatch[ad] =======================================
------------------------------ Captured log call -------------------------------
transport.py 415 INFO STAT /bin/systemctl
transport.py 513 DEBUG RUN ['ls', '/bin/systemctl']
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['systemctl', 'stop', 'sssd']
transport.py 513 DEBUG RUN ['systemctl', 'stop', 'sssd']
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv
transport.py 513 DEBUG RUN find /var/lib/sss/db -name '*.ldb' | xargs rm -fv
transport.py 558 DEBUG removed '/var/lib/sss/db/config.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/sssd.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/cache_implicit_files.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/timestamps_implicit_files.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/cache_testrelm.test.ldb'
transport.py 558 DEBUG removed '/var/lib/sss/db/timestamps_testrelm.test.ldb'
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['rm', '-fv', '/var/lib/sss/mc/group']
transport.py 513 DEBUG RUN ['rm', '-fv', '/var/lib/sss/mc/group']
transport.py 558 DEBUG removed '/var/lib/sss/mc/group'
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['rm', '-fv', '/var/lib/sss/mc/passwd']
transport.py 513 DEBUG RUN ['rm', '-fv', '/var/lib/sss/mc/passwd']
transport.py 558 DEBUG removed '/var/lib/sss/mc/passwd'
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['systemctl', 'start', 'sssd']
transport.py 513 DEBUG RUN ['systemctl', 'start', 'sssd']
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['kinit', 'admin']
transport.py 513 DEBUG RUN ['kinit', 'admin']
transport.py 558 DEBUG Password for admin:
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['ipa', 'group-add', '--external', 'ext-ipatest']
transport.py 513 DEBUG RUN ['ipa', 'group-add', '--external', 'ext-ipatest']
transport.py 558 DEBUG -------------------------
transport.py 558 DEBUG Added group "ext-ipatest"
transport.py 558 DEBUG -------------------------
transport.py 558 DEBUG Group name: ext-ipatest
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['ipa', '-n', 'group-add-member', 'ext-ipatest', '--external', 'testuser']
transport.py 513 DEBUG RUN ['ipa', '-n', 'group-add-member', 'ext-ipatest', '--external', 'testuser']
transport.py 558 DEBUG Group name: ext-ipatest
transport.py 558 DEBUG External member: S-1-5-21-2850950419-291182510-958869158-1108
transport.py 558 DEBUG -------------------------
transport.py 558 DEBUG Number of members added 1
transport.py 558 DEBUG -------------------------
transport.py 217 DEBUG Exit code: 0
transport.py 391 INFO RUN ['ipa', 'group-del', 'ext-ipatest']
transport.py 513 DEBUG RUN ['ipa', 'group-del', 'ext-ipatest']
transport.py 558 DEBUG ---------------------------
transport.py 558 DEBUG Deleted group "ext-ipatest"
transport.py 558 DEBUG ---------------------------
transport.py 217 DEBUG Exit code: 0
```

Based on the result marking Bugzilla as verified.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4670
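The following is an added example, not part of the bug report and not FreeIPA code: a small parser for the `ipa group-add-member` output quoted in the comments above, reporting the failed count next to the "Number of members added" figure so provisioning scripts do not treat a rejected external member as a quiet no-op. The function names `parse_failed_members` and `summarize` are hypothetical, and the handling of continuation lines is an assumption about the output layout.

```python
import re

# Constructed sample: text of the first run quoted in the comment above;
# the indentation is assumed, since the page shows the output flattened.
SAMPLE = """\
  Group name: extgrp
  External member: S-1-5-21-3005052257-2375221410-442149667-1361, S-1-5-21-3005052257-2375221410-442149667-1380
  Failed members:
    member user:
    member group: admin: invalid 'trusted domain object': Object does not belong to a trusted domain
    member service:
-------------------------
Number of members added 0
-------------------------
"""

CATEGORY = re.compile(r"^member ([^:]+):\s*(.*)$")
ADDED = re.compile(r"^\s*Number of members added (\d+)\s*$", re.M)


def parse_failed_members(output):
    """Return {category: [(name, reason), ...]} from the 'Failed members:' block."""
    failed, category, in_block = {}, None, False
    for raw in output.splitlines():
        line = raw.strip()
        if line == "Failed members:":
            in_block = True
        elif in_block and (not line or set(line) == {"-"}):
            break  # the dashed summary separator ends the block
        elif in_block:
            m = CATEGORY.match(line)
            if m:
                category, line = m.group(1), m.group(2)
            # Assumption: further failures for a category continue on the next lines.
            if line and category:
                name, _, reason = line.partition(": ")
                failed.setdefault(category, []).append((name, reason))
    return failed


def summarize(output):
    """Report added and failed counts side by side, as the RFE title asks."""
    m = ADDED.search(output)
    failed = parse_failed_members(output)
    return {"added": int(m.group(1)) if m else None,
            "failed": sum(len(v) for v in failed.values()),
            "details": failed}
```

In the verification log above the rejected call also returns exit code 1, so automation should check the exit status as well as the parsed counts.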