Bug 1217127 - Override for IPA users with login does not list user all groups
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.1
Hardware: Unspecified OS: Unspecified
Priority: medium Severity: unspecified
Target Milestone: rc
Assigned To: SSSD Maintainers
QA Contact: Kaushik Banerjee
Depends On: 1215195
Reported: 2015-04-29 11:39 EDT by Sumit Bose
Modified: 2015-11-19 06:38 EST
Fixed In Version: sssd-1.13.0-0.1.alpha.el7
Doc Type: Bug Fix
Clone Of: 1215195
Last Closed: 2015-11-19 06:38:24 EST
Type: Bug

External Trackers:
  Tracker: Red Hat Product Errata
  ID: RHSA-2015:2355
  Priority: normal
  Status: SHIPPED_LIVE
  Summary: Low: sssd security, bug fix, and enhancement update
  Last Updated: 2015-11-19 05:27:42 EST

Comment 1 Jakub Hrozek 2015-04-29 11:43:38 EDT
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2642
Comment 2 Jakub Hrozek 2015-05-06 04:55:40 EDT
    master:
        0f9c28eb52d2b45c8a97f709308dc11377831b8c
        35b178d02dfd293778aefbc0b465a5a3a4b6cd8f 
    sssd-1-12:
        3b00bcd8b6d53d33207005c4e7a631b6a241d300
        a4a447b7bf394ded65c8ae872832e7cd135425d1
Comment 4 Sudhir Menon 2015-09-30 08:57:42 EDT
Verified using RHEL7.2

sssd-1.13.0-35.el7.x86_64
ipa-server-trust-ad-4.2.0-12.el7.x86_64
ipa-server-4.2.0-12.el7.x86_64
ipa-server-dns-4.2.0-12.el7.x86_64

Observation: When ipa user override is added with a new login name, id command does list all its groups


[root@ipa01 ~]# ipa user-show ipauser1
  User login: ipauser1
  First name: f
  Last name: l
  Home directory: /home/ipauser1
  Login shell: /bin/sh
  Email address: ipauser1@labs01.test
  UID: 653800010
  GID: 653800010
  Account disabled: False
  Password: False
  Member of groups: grp2, grp1, ipausers
  Kerberos keys available: False

[root@ipa01 ~]# ipa idview-add
ID View Name: hostview
------------------------
Added ID View "hostview"
------------------------
  ID View Name: hostview
[root@ipa01 ~]# ipa idoverrideuser-add hostview ipauser1 --login useripa1
---------------------------------
Added User ID override "ipauser1"
---------------------------------
  Anchor to override: ipauser1
  User login: useripa1

service sssd stop ; rm -fr /var/lib/sss/{db,mc}/* ; service sssd start

[root@ipa01 ~]# ipa idview-apply hostview --hosts ipaclient02.labs01.test
--------------------------
Applied ID View "hostview"
--------------------------
  hosts: ipaclient02.labs01.test
---------------------------------------------
Number of hosts the ID View was applied to: 1
---------------------------------------------

[root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@ipaclient02 ~]# id ipauser1
uid=653800010(useripa1) gid=653800010(ipauser1) groups=653800010(ipauser1),653800012(grp2),653800011(grp1)
Comment 5 errata-xmlrpc 2015-11-19 06:38:24 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html
