Bug 952754

Summary: [RFE] Add option for filtering groups by type (posix,..) in group-find command
Product: Red Hat Enterprise Linux 7 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED CURRENTRELEASE QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: mgregg, mkosek, nsoman, pvoborni
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.2.1-1.el7 Doc Type: Enhancement
Doc Text:
Feature: Filter groups by group type. Current types: - POSIX group is a group with object class posixGroup - external group is a group with object class ipaExternalGroup - non-POSIX group is a group which is not posix nor external: it doesn't have posixGroup nor ipaExternalGroup object class. Reason: There was no possibility to find all groups of certain type. Result (if any): New flags were added to group find command: --posix --nonposix --external When a flag is set, filtering is done according to a mapping described above. No Web UI impact.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 12:37:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dmitri Pal 2013-04-16 15:45:56 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3483

Groups can't be filtered by type [normal, posix, external].

This feature will be really useful for implementing Web UI part of #3333. There, user have to specify posix group, but Web UI can get only filtered list of all groups. Selecting non-posix group results in error.
Comment 1 Martin Kosek 2013-04-22 10:31:32 UTC 
Fixed upstream:
master: e64db8cbc2e9571200cd14e7d2313102022c2813

Design page:
http://www.freeipa.org/page/V3/Filtering_groups_by_type

New group-find options:
group-find --external
group-find --posix
group-find --nonposix
Comment 4 Michael Gregg 2014-01-29 22:35:00 UTC 
Verified against ipa-server-3.3.3-12.el7.x86_64

To be automated.

Results are as expected:

[root@zippyvm8 ~]# ipa group-find --nonposix
----------------
2 groups matched
----------------
  Group name: ipausers
  Description: Default group for all users
  Member users: newguser

  Group name: trust admins
  Description: Trusts administrators group
  Member users: admin
----------------------------
Number of entries returned 2
----------------------------
[root@zippyvm8 ~]# 
[root@zippyvm8 ~]# ipa group-find --posix
----------------
2 groups matched
----------------
  Group name: admins
  Description: Account administrators group
  GID: 1127200000
  Member users: admin

  Group name: editors
  Description: Limited admins who can edit other users
  GID: 1127200002
----------------------------
Number of entries returned 2
----------------------------
[root@zippyvm8 ~]# ipa group-find --external
----------------
0 groups matched
----------------
----------------------------
Number of entries returned 0
----------------------------
Comment 5 Michael Gregg 2014-02-27 03:19:58 UTC 
Additional, I did not completely verify this bug on the first pass. 

I did not test a match for a external group.

Verification complete:

[root@ipaqavmc ~]# ipa group-add --external --desc=desc extgrp
--------------------
Added group "extgrp"
--------------------
  Group name: extgrp
  Description: desc
[root@ipaqavmc ~]# ipa group-find --external
---------------
1 group matched
---------------
  Group name: extgrp
  Description: desc
----------------------------
Number of entries returned 1
----------------------------
Comment 6 Ludek Smid 2014-06-13 12:37:20 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.