Bug 869616
Summary: | Issues when adding AD user as member of external group | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Xiyang Dong <xdong> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Priority: | medium |
Version: | 6.4 | CC: | abokovoy, dpal, mkosek, sbose, spoore, xdong |
Target Milestone: | rc | Hardware: | Unspecified |
OS: | Unspecified | Fixed In Version: | ipa-3.0.0-8.el6 |
Doc Type: | Bug Fix | Type: | Bug |
Last Closed: | 2013-02-21 09:28:52 UTC | | |
Description
Xiyang Dong
2012-10-24 12:29:11 UTC
Version-Release number of selected component (if applicable): ipa-server-3.0.0-105.20121018T0250zgit1cc4f7e.el6.x86_64

Upstream ticket: https://fedorahosted.org/freeipa/ticket/3211

Fixed upstream.
master: fc3834ca46fa986694be6a94f0a51d74e9e532a8
ipa-3-0: 4cf3c2d5053bad8e62a80ffa586f8d5c1f7e41cd

Created bug #874671 to cover missing error message as separate case/issue here.

Created bug #874674 to cover invalid/non-existent SID adds as a separate case/issue here.

Verified. It should be noted that the 1> case is the only one fixed here. The other two (2>) cases are being handled in the separate bugs listed in comment #5 and comment #6.

Version :: ipa-server-3.0.0-8.el6.x86_64

Manual Test Results ::

```
[root@rhel6-1 ~]# ipa group-add --desc='adtestdom.com adtestgroup1' adtestdom_adtestgroup1
------------------------------------
Added group "adtestdom_adtestgroup1"
------------------------------------
  Group name: adtestdom_adtestgroup1
  Description: adtestdom.com adtestgroup1
  GID: 1735800006

[root@rhel6-1 ~]# ipa group-add --desc='adtestdom.com adtestgroup1 external' adtestdom_adtestgroup1_external --external
---------------------------------------------
Added group "adtestdom_adtestgroup1_external"
---------------------------------------------
  Group name: adtestdom_adtestgroup1_external
  Description: adtestdom.com adtestgroup1 external

[root@rhel6-1 ~]# ipa group-add-member adtestdom_adtestgroup1 --groups=adtestdom_adtestgroup1_external
  Group name: adtestdom_adtestgroup1
  Description: adtestdom.com adtestgroup1
  GID: 1735800006
  Member groups: adtestdom_adtestgroup1_external
-------------------------
Number of members added 1
-------------------------

[root@rhel6-1 ~]# ipa group-add-member adtestdom_adtestgroup1_external --external "ADTESTDOM\adtestgroup1"
[member user]:
[member group]:
  Group name: adtestdom_adtestgroup1_external
  Description: adtestdom.com adtestgroup1 external
  External member: S-1-5-21-1246088475-3077293710-2580964704-1135
  Member of groups: adtestdom_adtestgroup1
-------------------------
Number of members added 1
-------------------------
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html

now it's able to add by name but unable to delete by name

```
[root@rt aduser1]# rpm -q ipa-server
ipa-server-3.0.0-25.el6.x86_64

[root@rt aduser1]# ipa group-add-member adgroup1 --external "ADLAB\aduser1"
[member user]:
[member group]:
  Group name: adgroup1
  Description: adgroup1
  External member: S-1-5-21-3452862912-1583780823-338435951-1139
-------------------------
Number of members added 1
-------------------------

[root@rt aduser1]# ipa group-remove-member adgroup1 --external "ADLAB\aduser1"
[member user]:
[member group]:
  Group name: adgroup1
  Description: adgroup1
  External member: S-1-5-21-3452862912-1583780823-338435951-1139
---------------------------
Number of members removed 0
---------------------------

[root@rt aduser1]# ipa group-remove-member adgroup1 --external=S-1-5-21-3452862912-1583780823-338435951-1139
[member user]:
[member group]:
  Group name: adgroup1
  Description: adgroup1
  External member:
---------------------------
Number of members removed 1
---------------------------
```

The suggestion is that it used to work. Is that the case? I don't think it did. We'd need a new bug to add this functionality.