Bug 801622

Summary: ipa host-find --in-sudorule does not match hosts in specified sudorule if insertion order is wrong
Product: Red Hat Enterprise Linux 6
Reporter: Michael Gregg <mgregg>
Component: ipa
Assignee: Rob Crittenden <rcritten>
Status: CLOSED NOTABUG
QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified
Priority: unspecified
Version: 6.3
CC: mkosek
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-03-13 16:46:49 UTC

Description Michael Gregg 2012-03-09 02:08:40 UTC
Description of problem:
I add a host to a sudorule, then I add the host to the system. Searching for that host with ipa host-find --in-sudorule=<sudorule> then returns zero results.

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-2.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. kinit as admin
2. ipa sudorule-add srule
3. ipa sudorule-add-host --hosts=h.testrelm.com srule
4. ipa host-add --ip-address=4.2.2.2 h.testrelm.com
5. ipa host-find --in-sudorule srule
  
Actual results:
[root@ipaqavmc ipa-host-cli]# ipa host-find --in-sudorule srule
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0
----------------------------


Expected results:
I expect the search to return h.testrelm.com

Additional info:
I am adding the host to the sudorule before the host exists.

Searching for the host works properly if it is added to the sudorule in the correct order.

Comment 2 Martin Kosek 2012-03-09 09:17:30 UTC
I do not think this is a bug. When you add a host that's not enrolled in IPA, it is considered as an External host and is also stored in a different LDAP attribute (externalHost) than regular IPA hosts (memberHost with DN to IPA host).

If you use the correct order or remove/add your host to srule, it should be added as a standard IPA host and host-find --in-sudorule will work.
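
The distinction described in Comment 2, as an added example (not part of the bug report and not FreeIPA code): an audit helper that reads one sudo rule entry, separates memberHost from externalHost values, and flags external names that match an enrolled host, which host-find --in-sudorule does not list. The LDIF sample, its DNs, the enrolled-host list and the function names are constructed for illustration.

```python
# Constructed sample: a sudo rule entry exported to LDIF after the reproduction
# steps, plus one host and one host group added as regular members.
# The DNs and the ipaUniqueID value are illustrative, not taken from the report.
SAMPLE_LDIF = """\
dn: ipaUniqueID=constructed-0001,cn=sudorules,cn=sudo,dc=testrelm,dc=com
cn: srule
externalHost: h.testrelm.com
memberHost: fqdn=web1.testrelm.com,cn=computers,cn=accounts,dc=testrelm,dc=com
memberHost: cn=dbservers,cn=hostgroups,cn=accounts,dc=testrelm,dc=com
"""


def parse_attrs(ldif_text):
    """Collect attribute values from one LDIF entry (folded lines are joined,
    base64 'attr:: value' lines are skipped)."""
    attrs = {}
    for line in ldif_text.replace("\n ", "").splitlines():
        if not line or line.startswith("#") or ": " not in line:
            continue
        name, value = line.split(": ", 1)
        if name.endswith(":"):  # base64-encoded value, not handled here
            continue
        attrs.setdefault(name.lower(), []).append(value.strip())
    return attrs


def audit_rule_hosts(ldif_text, enrolled_fqdns):
    """Classify the hosts a sudo rule names and flag externalHost values
    that are in fact enrolled hosts."""
    attrs = parse_attrs(ldif_text)
    enrolled = {h.lower().rstrip(".") for h in enrolled_fqdns}
    member_hosts, other_members = [], []
    for dn in attrs.get("memberhost", []):
        key, _, val = dn.split(",", 1)[0].partition("=")
        if key.strip().lower() == "fqdn":
            member_hosts.append(val.lower())
        else:  # e.g. a host group DN
            other_members.append(dn)
    external = [v.lower().rstrip(".") for v in attrs.get("externalhost", [])]
    return {
        "rule": attrs.get("cn", ["?"])[0],
        "member_hosts": sorted(member_hosts),
        "other_members": other_members,
        "external_hosts": sorted(external),
        "external_but_enrolled": sorted(h for h in external if h in enrolled),
    }
```

Names returned under external_but_enrolled are the ones to remove and re-add to the rule so they are stored as memberHost.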

Comment 3 Martin Kosek 2012-03-13 16:46:49 UTC
I see no objections, closing as NOTABUG.