1188195 – Fax number not displayed for user-show when kinit'ed as normal user.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1188195 - Fax number not displayed for user-show when kinit'ed as normal user.

Summary: Fax number not displayed for user-show when kinit'ed as normal user.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	IPA Maintainers
QA Contact:	Namita Soman
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1198430
TreeView+	depends on / blocked

Reported:	2015-02-02 10:11 UTC by Gowrishankar Rajaiyan
Modified:	2015-11-19 12:01 UTC (History)
CC List:	8 users (show)
Fixed In Version:	ipa-4.2.0-0.1.alpha1.el7
Doc Type:	Known Issue
Doc Text:	Both anonymous and authenticated users lose the default permission to read the "facsimiletelephonenumber" user attribute after upgrading to the Red Hat Enterprise Linux 7.1 version of Identity Management (IdM). To manually change the new default setting and make the attribute readable again, run the "ipa permission-mod 'System: Read User Addressbook Attributes' --includedattrs facsimiletelephonenumber" command.
Clone Of:
Clones:	1198430 (view as bug list)
Environment:
Last Closed:	2015-11-19 12:01:14 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Verification_logs (7.41 KB, text/plain) 2015-08-14 05:08 UTC, Abhijeet Kasurde	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:2362	0	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2015-11-19 10:40:46 UTC

Description Gowrishankar Rajaiyan 2015-02-02 10:11:21 UTC

Description of problem: Use user-mod to set fax number. Kinit as user and try to user-show. Fax number set previously is missing when queried as user.


Version-Release number of selected component (if applicable):
ipa-server-4.1.0-17.el7.x86_64


How reproducible: Always


Steps to Reproduce:
1. kinit admin
2. ipa user-add user0001 --first=user0001 --last=user0001 --password
3. ipa user-mod user0001 --fax=777-777-7777
4. kinit user0001
5. ipa user-show user0001 --all

Actual results: 
"ipa user-show user0001 --all" does not list the fax number.


Expected results:
"ipa user-show user0001 --all" should list the fax number.


Additional info:
[root@apollo ~]# ipa user-mod user0001 --fax=777-777-7777
------------------------
Modified user "user0001"
------------------------
  User login: user0001
  First name: user0001
  Last name: user0001
  Home directory: /home/user0001
  Login shell: /bin/sh
  Email address: user0001.eng.bos.redhat.com
  UID: 1610000001
  GID: 1610000001
  Fax Number: 777-777-7777
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
[root@apollo ~]#

[root@apollo ~]# echo Secret_123 | kinit user0001
Password for user0001.ENG.BOS.REDHAT.COM: 
[root@apollo ~]# ipa user-find user0001 --fax=777-777-7777
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
[root@apollo ~]#

[root@apollo ~]# ipa user-show user0001 --all
  dn: uid=user0001,cn=users,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
  User login: user0001
  First name: user0001
  Last name: user0001
  Full name: user0001 user0001
  Display name: user0001 user0001
  Initials: uu
  Home directory: /home/user0001
  GECOS: user0001 user0001
  Login shell: /bin/sh
  Kerberos principal: user0001.ENG.BOS.REDHAT.COM
  Email address: user0001.eng.bos.redhat.com
  UID: 1610000001
  GID: 1610000001
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
  ipauniqueid: 4d5472b0-aabe-11e4-b2a7-0015172f2b30
  krblastpwdchange: 20150202094641Z
  krbpasswordexpiration: 20150503094641Z
  objectclass: ipaSshGroupOfPubKeys, ipaobject, mepOriginEntry, person, top, ipasshuser, inetorgperson, organizationalperson, krbticketpolicyaux, krbprincipalaux, inetuser, posixaccount
[root@apollo ~]# 

Now, kinit as admin:

[root@apollo ~]# echo Secret123 | kinit admin
Password for admin.ENG.BOS.REDHAT.COM: 
[root@apollo ~]# ipa user-show user0001 --all
  dn: uid=user0001,cn=users,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
  User login: user0001
  First name: user0001
  Last name: user0001
  Full name: user0001 user0001
  Display name: user0001 user0001
  Initials: uu
  Home directory: /home/user0001
  GECOS: user0001 user0001
  Login shell: /bin/sh
  Kerberos principal: user0001.ENG.BOS.REDHAT.COM
  Email address: user0001.eng.bos.redhat.com
  UID: 1610000001
  GID: 1610000001
  Fax Number: 777-777-7777
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
  ipauniqueid: 4d5472b0-aabe-11e4-b2a7-0015172f2b30
  krbextradata: AAKBR89Ua2FkbWluZEBJRE1RRS5MQUIuRU5HLkJPUy5SRURIQVQuQ09NAA==
  krblastpwdchange: 20150202094641Z
  krblastsuccessfulauth: 20150202095810Z
  krbloginfailedcount: 0
  krbpasswordexpiration: 20150503094641Z
  krbticketflags: 128
  mepmanagedentry: cn=user0001,cn=groups,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com
  objectclass: ipaSshGroupOfPubKeys, ipaobject, mepOriginEntry, person, top, ipasshuser, inetorgperson, organizationalperson, krbticketpolicyaux, krbprincipalaux, inetuser, posixaccount
[root@apollo ~]# 


Missing attributes for normal user:
  Fax Number: 777-777-7777
  krbextradata: AAKBR89Ua2FkbWluZEBJRE1RRS5MQUIuRU5HLkJPUy5SRURIQVQuQ09NAA==
  krblastsuccessfulauth: 20150202095810Z
  krbloginfailedcount: 0
  krbpasswordexpiration: 20150503094641Z
  krbticketflags: 128
  mepmanagedentry: cn=user0001,cn=groups,cn=accounts,dc=idmqe,dc=lab,dc=eng,dc=bos,dc=redhat,dc=com


Other missing attributes seems fine to not be listed for user, however, fax is something that user should be able to see.

Comment 1 Gowrishankar Rajaiyan 2015-02-02 10:13:57 UTC

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-selfservice-usertest-1005: check the user's attribute settings
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

...


:: [  BEGIN   ] :: Running 'ipa user-find user0001  --phone=777-777-7777'
--------------
1 user matched
--------------
  User login: user0001
  First name: Good
  Last name: User
  Home directory: /home/user0001
  Login shell: /bin/bash
  Email address: user0001
  UID: 653400001
  GID: 653400001
  Telephone Number: 777-777-7777
  Job Title: good_admin
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Command 'ipa user-find user0001  --phone=777-777-7777' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ipa user-find user0001  --mobile=777-777-7777'
--------------
1 user matched
--------------
  User login: user0001
  First name: Good
  Last name: User
  Home directory: /home/user0001
  Login shell: /bin/bash
  Email address: user0001
  UID: 653400001
  GID: 653400001
  Telephone Number: 777-777-7777
  Mobile Telephone Number: 777-777-7777
  Job Title: good_admin
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Command 'ipa user-find user0001  --mobile=777-777-7777' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ipa user-find user0001  --pager=777-777-7777'
--------------
1 user matched
--------------
  User login: user0001
  First name: Good
  Last name: User
  Home directory: /home/user0001
  Login shell: /bin/bash
  Email address: user0001
  UID: 653400001
  GID: 653400001
  Telephone Number: 777-777-7777
  Pager Number: 777-777-7777
  Job Title: good_admin
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Command 'ipa user-find user0001  --pager=777-777-7777' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'ipa user-find user0001  --fax=777-777-7777'
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
:: [   FAIL   ] :: Command 'ipa user-find user0001  --fax=777-777-7777' (Expected 0, got 1)

Comment 5 Martin Kosek 2015-02-05 15:17:02 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4883

Comment 7 Tomas Babej 2015-02-19 17:38:09 UTC

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/72af5fd9757da16c49959bfdecf4e0cb41c36503
ipa-4-1:
https://fedorahosted.org/freeipa/changeset/73f6d69adfa2c10c9e3534f59d047ade3782b051

Comment 15 Abhijeet Kasurde 2015-08-14 05:08:36 UTC

Created attachment 1062867 [details]
Verification_logs

Comment 16 Abhijeet Kasurde 2015-08-18 07:23:12 UTC

Attached logs and marking bug as verified.

Comment 17 errata-xmlrpc 2015-11-19 12:01:14 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2362.html

Note You need to log in before you can comment on or make changes to this bug.