Bug 669548

Summary: ipa permission-add: use same description for different permission gives error
Product: [Retired] freeIPA
Reporter: Yi Zhang <yzhang>
Component: ipa-server
Assignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA
QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium
Priority: low
Version: 2.0
CC: benl, dpal, jgalipea, mkosek
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Last Closed: 2012-03-28 09:40:38 UTC

Description Yi Zhang 2011-01-13 22:17:27 UTC
Description of problem:

yi zhang wrote:
> Hi:
> I get the following error msg, is this a bug?
>
> I do re-use the value for "desc" and "permissions", but the value for
> "targetgroup" is different. How come the "entry already exists"?
>
> [yi@dhcp-137 ipa-delegation]$ ipa permission-add --desc='Manage group
> members' --permissions=write --targetgroup=group11448 manage_grp_11448
> ipa: ERROR: This entry already exists
>
> [yi@dhcp-137 ipa-delegation]$ ipa permission-find manage
> ---------------------
> 5 permissions matched
> ---------------------
> Permission name: manage_host_keytab
> Description: Manage host keytab
> Permissions: write
> Attributes: krbprincipalkey, krblastpwdchange
> Type: host
> Granted to Privilege: hostadmin, enrollhost
>
> Permission name: manage_service_keytab
> Description: Manage service keytab
> Permissions: write
> Attributes: krbprincipalkey, krblastpwdchange
> Type: service
> Granted to Privilege: serviceadmin, admins
>
> Permission name: manage_group_members
> Description: Manage group members
> Permissions: write
> Attributes: member
> Type: group
>
> Permission name: manage_host_keytab
> Description: Manage host keytab
> Permissions: write
> Attributes: krbprincipalkey, krblastpwdchange
> Type: host
> Granted to Privilege: hostadmin, enrollhost
>
> Permission name: manage_service_keytab
> Description: Manage service keytab
> Permissions: write
> Attributes: krbprincipalkey, krblastpwdchange
> Type: service
> Granted to Privilege: serviceadmin, admins
> ----------------------------
> Number of entries returned 5
> ----------------------------
>
>
> Thanks!
>

Ok, I see. The problem is that the descriptions of permissions are in the same namespace, so two permissions with different names can't use the same description. Probably a bug.

rob 


Version-Release number of selected component (if applicable): ipa-server-2.0-0.2011011115gitc778919.fc14.i686


How reproducible:


Steps to Reproduce:
1. ipa-delegation]$ ipa permission-add --desc='Manage group members' --permissions=write --targetgroup=group11448 manage_grp_11448
2. ipa-delegation]$ ipa permission-add --desc='Manage group members' --permissions=write --targetgroup=ipausers manage_grp

  
Actual results:
ipa: ERROR: This entry already exists

Expected results:
permission added into ipa

Additional info:

Comment 1 Dmitri Pal 2011-01-13 23:52:20 UTC
https://fedorahosted.org/freeipa/ticket/764

Comment 2 Martin Kosek 2011-01-27 12:28:13 UTC
Fixed in 65a146cdca7c62301b5be978027a44d880424529.