Bug 773488

Summary: Make ipausers a non-posix group on new installs
Product: Red Hat Enterprise Linux 6 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3CC: jgalipea, mkosek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-2.2.0-3.el6 Doc Type: Bug Fix
Doc Text:
No documentation needed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 13:29:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Dmitri Pal 2012-01-11 23:15:02 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2238

It doesn't make a lot of sense for ipausers to be a posix group and we will save a few cycles in compat and sssd by making it non-posix.

This is for new installs only.
Comment 1 Martin Kosek 2012-02-24 09:26:37 UTC 
Fixed upstream:

master: af233fbda188e00ec2504765788a90da633c4f59
ipa-2-2: 2334ef2d57704f71779f82302933321bf05dd9ef
Comment 3 Jenny Severance 2012-03-21 20:30:24 UTC 
verified :

# ipa group-show --all --raw ipausers
  dn: cn=ipausers,cn=groups,cn=accounts,dc=testrelm,dc=com
  cn: ipausers
  description: Default group for all users
  ipauniqueid: 183217b8-71eb-11e1-a45a-5254009e206c
  objectclass: top
  objectclass: groupofnames
  objectclass: nestedgroup
  objectclass: ipausergroup
  objectclass: ipaobject

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-group-cli-91: bz773488 - Make ipausers a non-posix group on new installs
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Group type is ipa
:: [   LOG    ] :: objectclass top was returned as expected with group-show --all
:: [   LOG    ] :: objectclass groupofnames was returned as expected with group-show --all
:: [   LOG    ] :: objectclass nestedgroup was returned as expected with group-show --all
:: [   LOG    ] :: objectclass ipausergroup was returned as expected with group-show --all
:: [   LOG    ] :: objectclass ipaobject was returned as expected with group-show --all
:: [   PASS   ] :: Verify ipauser group objectclasses.
:: [   LOG    ] :: Duration: 3s
:: [   LOG    ] :: Assertions: 1 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-group-cli-91: bz773488 - Make ipausers a non-posix group on new installs

version:
ipa-server-2.2.0-4.el6.x86_64
Comment 5 Martin Kosek 2012-04-20 09:03:32 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 7 errata-xmlrpc 2012-06-20 13:29:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html