Bug 1187540
| Summary: | Full set of objectclass not available post group detach. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Gowrishankar Rajaiyan <grajaiya> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.1 | CC: | drieden, grajaiya, mkosek, rcritten |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.1.0-18.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-03-05 10:19:40 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1187501 | ||
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa-group-cli-rename-02: Rename group after detaching from the UPG :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ BEGIN ] :: Detach user's private group. :: actually running 'detachUPG supercr1' ---------------------------------------------- Detached group "supercr1" from user "supercr1" ---------------------------------------------- :: [ 07:48:34 ] :: User Private Group supercr1 detached successfully. :: [ PASS ] :: Detach user's private group. (Expected 0, got 0) :: [ BEGIN ] :: Verify group is regular group now. :: actually running 'verifyGroupClasses supercr1 posix' :: [ 07:48:35 ] :: Group type is posix objectclass: posixgroup, top, ipaobject :: [ 07:48:35 ] :: objectclass top was returned as expected with group-show --all :: [ 07:48:36 ] :: ERROR - objectclass groupofnames was not returned with group-show --all :: [ 07:48:36 ] :: ERROR - objectclass nestedgroup was not returned with group-show --all :: [ 07:48:36 ] :: ERROR - objectclass ipausergroup was not returned with group-show --all objectclass: posixgroup, top, ipaobject :: [ 07:48:36 ] :: objectclass ipaobject was returned as expected with group-show --all objectclass: posixgroup, top, ipaobject :: [ 07:48:36 ] :: objectclass posixgroup was returned as expected with group-show --all :: [ FAIL ] :: Verify group is regular group now. (Expected 0, got 1) Upstream ticket: https://fedorahosted.org/freeipa/ticket/4874 *** Bug 1187548 has been marked as a duplicate of this bug. *** This is indeed a RHEL-7.1 regression, patch fixing it submitted upstream. [root@apollo ~]# ipa user-add shanks --first=Gowrishankar --last=Rajaiyan ------------------- Added user "shanks" ------------------- User login: shanks First name: Gowrishankar Last name: Rajaiyan Full name: Gowrishankar Rajaiyan Display name: Gowrishankar Rajaiyan Initials: GR Home directory: /home/shanks GECOS: Gowrishankar Rajaiyan Login shell: /bin/sh Kerberos principal: shanks.ENG.BOS.REDHAT.COM Email address: shanks.eng.bos.redhat.com UID: 1610000003 GID: 1610000003 Password: False Member of groups: ipausers Kerberos keys available: False [root@apollo ~]# ipa group-detach shanks ------------------------------------------ Detached group "shanks" from user "shanks" ------------------------------------------ [root@apollo ~]# ipa group-show --all Group name: shanks dn: cn=shanks,cn=groups,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com Group name: shanks Description: User private group for shanks GID: 1610000003 ipauniqueid: b3e9fb7a-aae2-11e4-9975-0015172f2b30 objectclass: ipaobject, top, ipausergroup, posixgroup, groupofnames, nestedgroup [root@apollo ~]# [root@apollo ~]# ipa group-add-member shanks --users=user0001 Group name: shanks Description: User private group for shanks GID: 1610000003 Member users: user0001 ------------------------- Number of members added 1 ------------------------- [root@apollo ~]# ipa group-show --all shanks dn: cn=shanks,cn=groups,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com Group name: shanks Description: User private group for shanks GID: 1610000003 Member users: user0001 ipauniqueid: b3e9fb7a-aae2-11e4-9975-0015172f2b30 objectclass: ipaobject, top, ipausergroup, posixgroup, groupofnames, nestedgroup [root@apollo ~]# [root@apollo ~]# ipa group-mod --rename=new_group1 shanks ----------------------- Modified group "shanks" ----------------------- Group name: new_group1 Description: User private group for shanks GID: 1610000003 Member users: user0001 [root@apollo ~]# ipa group-find new_group1 --------------- 1 group matched --------------- Group name: new_group1 Description: User private group for shanks GID: 1610000003 Member users: user0001 ---------------------------- Number of entries returned 1 ---------------------------- [root@apollo ~]# [root@apollo ~]# rpm -q ipa-server ipa-server-4.1.0-18.el7.x86_64 [root@apollo ~]# Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html |
Description of problem: After detaching a managed group from user, the full set of objectclass is not available. And hence, adding a user to this group post detach fails. Version-Release number of selected component (if applicable): ipa-server-4.1.0-16.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. ipa user-add --first gs --last r shanks 2. ipa group-detach shanks 3. ipa group-show shanks --all 4. ipa group-add-member shanks --users=user1 Actual results: [root@qe-blade-05 ~]# ipa group-show shanks --all dn: cn=shanks,cn=groups,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com Group name: shanks Description: User private group for shanks GID: 787600007 ipauniqueid: 5f1a1a88-a873-11e4-947d-00215e2032c0 objectclass: posixgroup, top, ipaobject [root@qe-blade-05 ~]# [root@qe-blade-05 ~]# ipa group-add-member shanks --users=user1 Group name: shanks Description: User private group for shanks GID: 787600007 Failed members: member user: user1: attribute "member" not allowed member group: ------------------------- Number of members added 0 ------------------------- [root@qe-blade-05 ~]# Expected results: Should contain full set of objectclass post detach and should be able to add a user to it. Additional info: https://fedorahosted.org/freeipa/ticket/250