Bug 874671

Summary: ipa group-add-member missing error message when adding duplicate external members
Product: Red Hat Enterprise Linux 7
Component: ipa
Version: 7.0
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: medium
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Reporter: Scott Poore <spoore>
Assignee: Rob Crittenden <rcritten>
QA Contact: IDM QE LIST <seceng-idm-qe-list>
CC: dpal, mkosek, nsoman, sbose, xdong
Fixed In Version: ipa-3.2.1-1.el7
Doc Type: Bug Fix
Type: Bug
Last Closed: 2014-06-13 09:33:05 UTC

Description Scott Poore 2012-11-08 15:51:41 UTC
Description of problem:

From xdong's description in bug #869616:

2> when adding duplicate AD user behaviour is different from regular duplicate user
 
# ipa group-add-member --user=ttt aa
  Group name: aa
  Description: aaa
  External member: s-1-5-21-2048782538-2375889789-2933420090-1175, s-1-5-21-2048782538-2375889789-2933420090-1176,
                   s-1-5-21-2048782538-2375889789-2933420090-1179, s-1-5-21-2048782538-2375889789-2933420090-1155,
                   s-1-5-21-2048782538-2375889789-2933420090-1100
  Member users: ttt
  Member groups: ttt
  Failed members:
    member user: ttt: This entry is already a member
    member group:
-------------------------
Number of members added 0
-------------------------

# ipa group-add-member --external=s-1-5-21-2048782538-2375889789-2933420090-1175 aa
[member user]:
[member group]:
  Group name: aa
  Description: aaa
  External member: s-1-5-21-2048782538-2375889789-2933420090-1175, s-1-5-21-2048782538-2375889789-2933420090-1176,
                   s-1-5-21-2048782538-2375889789-2933420090-1179, s-1-5-21-2048782538-2375889789-2933420090-1155,
                   s-1-5-21-2048782538-2375889789-2933420090-1100
  Member users: ttt
  Member groups: ttt
-------------------------
Number of members added 0
-------------------------

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-106.20121106T0229zgit881fc3a.el6.x86_64

How reproducible:
always


Steps to Reproduce:
1.  Set up IPA Master with trust to AD domain
2.  ipa group-add groupname --desc=desc --external
3.  ipa group-add-member groupname --external <SID|AD\name|name.com>
4.  ipa group-add-member groupname --external <SID|AD\name|name.com>
  
Actual results:
Nothing is added, but it does not show the "This entry is already a member" message like with normal user/group members.

Expected results:
Shows the same error message.

Additional info:

Comment 2 Dmitri Pal 2012-11-13 14:19:55 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3254

Comment 4 Rob Crittenden 2013-03-14 18:05:17 UTC
*** Bug 920702 has been marked as a duplicate of this bug. ***

Comment 5 Rob Crittenden 2013-03-14 18:08:58 UTC
Fixed in master, re-pointing to the 7.0 release (with Namita's blessing).

master: 66356f0daf2a55c7e64dc648e0f8c765e9a56151

When adding a duplicate member to a group, an error message is issued, informing the user that the entry is already a member of the group. Similarly, when trying to delete an entry which is not a member, an error message is issued, informing the user that the entry is not a member of the group. These error messages were missing in the case of external members.

This patch also adds support for using the AD\name or name.com format in the ipa group-remove-member command.

Comment 8 Scott Poore 2013-08-22 18:09:35 UTC
Verified.

Version :: 
ipa-server-3.3.0-7.el7.x86_64

Manually run automated test results ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa_trust_func_BZ874671:  ipa group-add-member missing error message when adding duplicate external members
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

---------------------------------------
Added group "ipa_trunc_func_bug_874671"
---------------------------------------
  Group name: ipa_trunc_func_bug_874671
  Description: desc
:: [   PASS   ] :: Running 'ipa group-add --desc=desc ipa_trunc_func_bug_874671 --external' (Expected 0, got 0)
  Group name: ipa_trunc_func_bug_874671
  Description: desc
  External member: S-1-5-21-1111600086-3918383388-1921175064-513
-------------------------
Number of members added 1
-------------------------
:: [   PASS   ] :: Running 'ipa group-add-member ipa_trunc_func_bug_874671 --users '' --groups '' --external 'AD1\Domain Users'' (Expected 0, got 0)
:: [   PASS   ] :: Running 'ipa group-add-member ipa_trunc_func_bug_874671 --users '' --groups '' --external 'AD1\Domain Users' > /tmp/ipa_trunc_func_bug_874671.tmpout 2>&1' (Expected 1, got 1)
  Group name: ipa_trunc_func_bug_874671
  Description: desc
  External member: S-1-5-21-1111600086-3918383388-1921175064-513
  Failed members: 
    member user: 
    member group: S-1-5-21-1111600086-3918383388-1921175064-513: This entry is already a member
-------------------------
Number of members added 0
-------------------------
:: [   PASS   ] :: Running 'cat /tmp/ipa_trunc_func_bug_874671.tmpout' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/ipa_trunc_func_bug_874671.tmpout' should contain 'This entry is already a member' 
:: [   PASS   ] :: BZ 874671 not found 
:: [ 14:08:12 ] ::  Cleaning up after test
-----------------------------------------
Deleted group "ipa_trunc_func_bug_874671"
-----------------------------------------
:: [   PASS   ] :: Running 'ipa group-del ipa_trunc_func_bug_874671' (Expected 0, got 0)
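Added example, not part of the bug report or of FreeIPA: a parser for the `ipa group-add-member` output shown above that tells a reported rejection apart from the silent zero-member result this bug describes. The function names `parse_add_member` and `classify` are hypothetical, the sample outputs are abridged from this page, and the parser assumes one failed entry per `member <type>:` line, as in those outputs.

```python
import re
# Outputs abridged from this bug report: the pre-fix run from the description
# and the post-fix run from the verification comment.
PRE_FIX = """\
  Group name: aa
  External member: s-1-5-21-2048782538-2375889789-2933420090-1175
-------------------------
Number of members added 0
-------------------------
"""
POST_FIX = """\
  Group name: ipa_trunc_func_bug_874671
  External member: S-1-5-21-1111600086-3918383388-1921175064-513
  Failed members:
    member user:
    member group: S-1-5-21-1111600086-3918383388-1921175064-513: This entry is already a member
-------------------------
Number of members added 0
-------------------------
"""

FAILED_RE = re.compile(r"^\s+member (\w+):\s*(.*)$")
COUNT_RE = re.compile(r"^Number of members added (\d+)$")

def parse_add_member(text):
    """Return (added_count, {member_type: [(name, reason), ...]})."""
    added, failed, in_failed = None, {}, False
    for line in text.splitlines():
        m = COUNT_RE.match(line.strip())
        if m:
            added = int(m.group(1))
            continue
        if line.strip() == "Failed members:":
            in_failed = True
            continue
        m = FAILED_RE.match(line) if in_failed else None
        if m and m.group(2).strip():
            # Split on the last ": " so the reason is separated from the name/SID.
            name, _, reason = m.group(2).strip().rpartition(": ")
            failed.setdefault(m.group(1), []).append((name, reason))
        elif not m:
            in_failed = False  # any other line ends the "Failed members" block
    return added, failed

def classify(text):
    added, failed = parse_add_member(text)
    if added is None:
        return "unparsed"  # no "Number of members added" line found
    if failed:
        return "rejected"
    return "added" if added else "silent-noop"  # zero added, no reason given
```

Automation that manages external group membership can treat `silent-noop` as a sign that it is running against a build without the fix.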

Comment 9 Ludek Smid 2014-06-13 09:33:05 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.