Bug 671017

Summary: option "--all" list output twice: in ipa permission-find <permission name> --all
Product: [Retired] freeIPA
Component: ipa-server
Version: 2.0
Status: CLOSED ERRATA
Severity: medium
Priority: low
Hardware: Unspecified
OS: Unspecified
Reporter: Yi Zhang <yzhang>
Assignee: Rob Crittenden <rcritten>
QA Contact: Chandrasekar Kannan <ckannan>
CC: benl, dpal, jgalipea, mkosek
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Last Closed: 2012-03-28 09:41:21 UTC

Description Yi Zhang 2011-01-19 22:39:47 UTC
Description of problem:
[yi@dhcp-137 ipa-delegation]$ ipa permission-find testper --all
---------------------
2 permissions matched
---------------------
  dn: cn=testper,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  Permission name: testper
  Description: testper
  Permissions: add
  Type: user
  objectclass: groupofnames, top

  dn: cn=testper,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  Permission name: testper
  Description: testper
  Permissions: add
  Type: user
----------------------------
Number of entries returned 2
----------------------------

===> I don't know if it is because --all listed it twice or because there are 2 identical records in LDAP. If no "--all" is given for permission-find, there is only ONE record returned. So I believe "--all" just lists the same record twice.

[step 1] create record:
[yi@dhcp-137 ipa-delegation]$ ipa permission-add testPer --desc=testper --permissions=add --type=user
--------------------------
Added permission "testper"
--------------------------
  Permission name: testper
  Description: testper
  Permissions: add
  Type: user


[step 2] run permission-find without "--all"
[yi@dhcp-137 ipa-delegation]$ ipa permission-find testper
--------------------
1 permission matched
--------------------
  Permission name: testper
  Description: testper
  Permissions: add
  Type: user
----------------------------
Number of entries returned 1
----------------------------

[step 3] with --all option:
[yi@dhcp-137 ipa-delegation]$ ipa permission-find testper --all
---------------------
2 permissions matched
---------------------
  dn: cn=testper,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  Permission name: testper
  Description: testper
  Permissions: add
  Type: user
  objectclass: groupofnames, top

  dn: cn=testper,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  Permission name: testper
  Description: testper
  Permissions: add
  Type: user
----------------------------
Number of entries returned 2
----------------------------

[step 4] delete this permission and search again
[yi@dhcp-137 ipa-delegation]$ ipa permission-del testper
----------------------------
Deleted permission "testper"
----------------------------
[yi@dhcp-137 ipa-delegation]$ ipa permission-find testper --all
---------------------
0 permissions matched
---------------------
----------------------------
Number of entries returned 0
----------------------------

===everything back to perfect====


Version-Release number of selected component (if applicable): always


How reproducible: always

Comment 1 Yi Zhang 2011-01-19 22:48:06 UTC
If you run it with "--all --raw", only one entry is returned:

[yi@dhcp-137 ipa-delegation]$ ipa permission-find testper --all 
---------------------
2 permissions matched
---------------------
  dn: cn=testper,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  Permission name: testper
  Description: testper
  Permissions: add
  Target group: ipausers
  objectclass: groupofnames, top

  dn: cn=testper,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  Permission name: testper
  Description: testper
  Permissions: add
  Target group: ipausers
----------------------------
Number of entries returned 2
----------------------------
[yi@dhcp-137 ipa-delegation]$ ipa permission-find testper --all --raw
--------------------
1 permission matched
--------------------
  dn: cn=testper,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  cn: testper
  description: testper
  permissions: add
  targetgroup: ipausers
  objectclass: groupofnames
  objectclass: top
----------------------------
Number of entries returned 1
----------------------------
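
Added example (not part of the original report and not FreeIPA code): a small Python check that parses the "--all" output pasted in Comment 1, compares the reported entry count with the number of distinct DNs, and lists which attributes differ between the duplicated entries. The function names parse_entries and audit are hypothetical.

```python
import re
# Output as pasted in Comment 1 of this report (ipa permission-find testper --all).
SAMPLE_ALL = """\
---------------------
2 permissions matched
---------------------
  dn: cn=testper,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  Permission name: testper
  Description: testper
  Permissions: add
  Target group: ipausers
  objectclass: groupofnames, top

  dn: cn=testper,cn=permissions,cn=pbac,dc=sjc,dc=redhat,dc=com
  Permission name: testper
  Description: testper
  Permissions: add
  Target group: ipausers
----------------------------
Number of entries returned 2
----------------------------
"""

def parse_entries(text):
    """Split ipa find output into a list of {attribute: value} dicts."""
    entries, current = [], {}
    for line in text.splitlines():
        if line.startswith("  ") and ": " in line:
            key, value = line.strip().split(": ", 1)
            current[key] = value
        elif current:  # a blank line or the dashed footer closes an entry
            entries.append(current)
            current = {}
    if current:
        entries.append(current)
    return entries

def audit(text):
    """Return (reported count, distinct DN count, {dn: attributes that differ})."""
    reported = int(re.search(r"Number of entries returned (\d+)", text).group(1))
    by_dn = {}
    for entry in parse_entries(text):  # entries carry a dn only with --all
        by_dn.setdefault(entry.get("dn"), []).append(entry)
    dupes = {}
    for dn, group in by_dn.items():
        if len(group) > 1:  # same DN printed more than once
            keys = set().union(*group)
            dupes[dn] = sorted(k for k in keys if len({g.get(k) for g in group}) > 1)
    return reported, len(by_dn), dupes
```

On the output above, the check reports two entries for one distinct DN, with objectclass as the only attribute that differs between the two copies.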

Comment 2 Dmitri Pal 2011-01-19 23:39:56 UTC
https://fedorahosted.org/freeipa/ticket/815


I was able to reproduce this one by adding a new permission via the UI and then running the CLI command.

Comment 3 Martin Kosek 2011-01-28 13:14:37 UTC
I wasn't able to reproduce the issue on current IPA master. There were many fixes in permission and ACI plugin which probably fixed the root cause (especially ticket #764).

I tried several scenarios including Dmitri's reproduction scheme and it worked correctly for me - permission was not listed twice.

Please test this issue on the current IPA version (after the fix in ticket #764), and if this issue is not fixed I will reopen the ticket.