Bug 1188195 - Fax number not displayed for user-show when kinit'ed as normal user.
Summary: Fax number not displayed for user-show when kinit'ed as normal user.
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.1
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
URL:
Whiteboard:
Keywords: Regression, ZStream
Depends On:
Blocks: 1198430
TreeView+ depends on / blocked
 
Reported: 2015-02-02 10:11 UTC by Gowrishankar Rajaiyan
Modified: 2015-11-19 12:01 UTC (History)
8 users (show)

(edit)
Both anonymous and authenticated users lose the default permission to read the "facsimiletelephonenumber" user attribute after upgrading to the Red Hat Enterprise Linux 7.1 version of Identity Management (IdM). To manually change the new default setting and make the attribute readable again, run the "ipa permission-mod 'System: Read User Addressbook Attributes' --includedattrs facsimiletelephonenumber" command.
Clone Of:
: 1198430 (view as bug list)
(edit)
Last Closed: 2015-11-19 12:01:14 UTC


Attachments (Terms of Use)
Verification_logs (7.41 KB, text/plain)
2015-08-14 05:08 UTC, Abhijeet Kasurde
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2362 normal SHIPPED_LIVE ipa bug fix and enhancement update 2015-11-19 10:40:46 UTC

Description Gowrishankar Rajaiyan 2015-02-02 10:11:21 UTC
Description of problem: Use user-mod to set fax number. Kinit as user and try to user-show. Fax number set previously is missing when queried as user.


Version-Release number of selected component (if applicable):
ipa-server-4.1.0-17.el7.x86_64


How reproducible: Always


Steps to Reproduce:
1. kinit admin
2. ipa user-add user0001 --first=user0001 --last=user0001 --password
3. ipa user-mod user0001 --fax=777-777-7777
4. kinit user0001
5. ipa user-show user0001 --all

Actual results: 
"ipa user-show user0001 --all" does not list the fax number.


Expected results:
"ipa user-show user0001 --all" should list the fax number.


Additional info:
[root@apollo ~]# ipa user-mod user0001 --fax=777-777-7777
------------------------
Modified user "user0001"
------------------------
  User login: user0001
  First name: user0001
  Last name: user0001
  Home directory: /home/user0001
  Login shell: /bin/sh
  Email address: user0001@idmqe.lab.eng.bos.redhat.com
  UID: 1610000001
  GID: 1610000001
  Fax Number: 777-777-7777
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
[root@apollo ~]#

[root@apollo ~]# echo Secret_123 | kinit user0001
Password for user0001@IDMQE.LAB.ENG.BOS.REDHAT.COM: 
[root@apollo ~]# ipa user-find user0001 --fax=777-777-7777
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
[root@apollo ~]#

[root@apollo ~]# ipa user-show user0001 --all
  dn: uid=user0001,cn=users,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
  User login: user0001
  First name: user0001
  Last name: user0001
  Full name: user0001 user0001
  Display name: user0001 user0001
  Initials: uu
  Home directory: /home/user0001
  GECOS: user0001 user0001
  Login shell: /bin/sh
  Kerberos principal: user0001@IDMQE.LAB.ENG.BOS.REDHAT.COM
  Email address: user0001@idmqe.lab.eng.bos.redhat.com
  UID: 1610000001
  GID: 1610000001
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
  ipauniqueid: 4d5472b0-aabe-11e4-b2a7-0015172f2b30
  krblastpwdchange: 20150202094641Z
  krbpasswordexpiration: 20150503094641Z
  objectclass: ipaSshGroupOfPubKeys, ipaobject, mepOriginEntry, person, top, ipasshuser, inetorgperson, organizationalperson, krbticketpolicyaux, krbprincipalaux, inetuser, posixaccount
[root@apollo ~]# 

Now, kinit as admin:

[root@apollo ~]# echo Secret123 | kinit admin
Password for admin@IDMQE.LAB.ENG.BOS.REDHAT.COM: 
[root@apollo ~]# ipa user-show user0001 --all
  dn: uid=user0001,cn=users,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
  User login: user0001
  First name: user0001
  Last name: user0001
  Full name: user0001 user0001
  Display name: user0001 user0001
  Initials: uu
  Home directory: /home/user0001
  GECOS: user0001 user0001
  Login shell: /bin/sh
  Kerberos principal: user0001@IDMQE.LAB.ENG.BOS.REDHAT.COM
  Email address: user0001@idmqe.lab.eng.bos.redhat.com
  UID: 1610000001
  GID: 1610000001
  Fax Number: 777-777-7777
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
  ipauniqueid: 4d5472b0-aabe-11e4-b2a7-0015172f2b30
  krbextradata: AAKBR89Ua2FkbWluZEBJRE1RRS5MQUIuRU5HLkJPUy5SRURIQVQuQ09NAA==
  krblastpwdchange: 20150202094641Z
  krblastsuccessfulauth: 20150202095810Z
  krbloginfailedcount: 0
  krbpasswordexpiration: 20150503094641Z
  krbticketflags: 128
  mepmanagedentry: cn=user0001,cn=groups,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
  objectclass: ipaSshGroupOfPubKeys, ipaobject, mepOriginEntry, person, top, ipasshuser, inetorgperson, organizationalperson, krbticketpolicyaux, krbprincipalaux, inetuser, posixaccount
[root@apollo ~]# 


Missing attributes for normal user:
  Fax Number: 777-777-7777
  krbextradata: AAKBR89Ua2FkbWluZEBJRE1RRS5MQUIuRU5HLkJPUy5SRURIQVQuQ09NAA==
  krblastsuccessfulauth: 20150202095810Z
  krbloginfailedcount: 0
  krbpasswordexpiration: 20150503094641Z
  krbticketflags: 128
  mepmanagedentry: cn=user0001,cn=groups,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com


Other missing attributes seems fine to not be listed for user, however, fax is something that user should be able to see.

Comment 1 Gowrishankar Rajaiyan 2015-02-02 10:13:57 UTC
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-selfservice-usertest-1005: check the user's attribute settings
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

...


:: [  BEGIN   ] :: Running 'ipa user-find user0001  --phone=777-777-7777'
--------------
1 user matched
--------------
  User login: user0001
  First name: Good
  Last name: User
  Home directory: /home/user0001
  Login shell: /bin/bash
  Email address: user0001@testrelm.test
  UID: 653400001
  GID: 653400001
  Telephone Number: 777-777-7777
  Job Title: good_admin
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Command 'ipa user-find user0001  --phone=777-777-7777' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ipa user-find user0001  --mobile=777-777-7777'
--------------
1 user matched
--------------
  User login: user0001
  First name: Good
  Last name: User
  Home directory: /home/user0001
  Login shell: /bin/bash
  Email address: user0001@testrelm.test
  UID: 653400001
  GID: 653400001
  Telephone Number: 777-777-7777
  Mobile Telephone Number: 777-777-7777
  Job Title: good_admin
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Command 'ipa user-find user0001  --mobile=777-777-7777' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ipa user-find user0001  --pager=777-777-7777'
--------------
1 user matched
--------------
  User login: user0001
  First name: Good
  Last name: User
  Home directory: /home/user0001
  Login shell: /bin/bash
  Email address: user0001@testrelm.test
  UID: 653400001
  GID: 653400001
  Telephone Number: 777-777-7777
  Pager Number: 777-777-7777
  Job Title: good_admin
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Command 'ipa user-find user0001  --pager=777-777-7777' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ipa user-find user0001  --fax=777-777-7777'
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
:: [   FAIL   ] :: Command 'ipa user-find user0001  --fax=777-777-7777' (Expected 0, got 1)

Comment 5 Martin Kosek 2015-02-05 15:17:02 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4883

Comment 15 Abhijeet Kasurde 2015-08-14 05:08:36 UTC
Created attachment 1062867 [details]
Verification_logs

Comment 16 Abhijeet Kasurde 2015-08-18 07:23:12 UTC
Attached logs and marking bug as verified.

Comment 17 errata-xmlrpc 2015-11-19 12:01:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html


Note You need to log in before you can comment on or make changes to this bug.