Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1217127 - Override for IPA users with login does not list user all groups
Override for IPA users with login does not list user all groups
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: SSSD Maintainers
Kaushik Banerjee
Depends On: 1215195
  Show dependency treegraph
Reported: 2015-04-29 11:39 EDT by Sumit Bose
Modified: 2015-11-19 06:38 EST (History)
13 users (show)

See Also:
Fixed In Version: sssd-1.13.0-0.1.alpha.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1215195
Last Closed: 2015-11-19 06:38:24 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2355 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2015-11-19 05:27:42 EST

  None (edit)
Comment 1 Jakub Hrozek 2015-04-29 11:43:38 EDT
Upstream ticket:
Comment 2 Jakub Hrozek 2015-05-06 04:55:40 EDT
Comment 4 Sudhir Menon 2015-09-30 08:57:42 EDT
Verified using RHEL7.2


Observation: When ipa user override is added with a new login name, id command does list all its groups

[root@ipa01 ~]# ipa user-show ipauser1
  User login: ipauser1
  First name: f
  Last name: l
  Home directory: /home/ipauser1
  Login shell: /bin/sh
  Email address: ipauser1@labs01.test
  UID: 653800010
  GID: 653800010
  Account disabled: False
  Password: False
  Member of groups: grp2, grp1, ipausers
  Kerberos keys available: False

[root@ipa01 ~]# ipa idview-add
ID View Name: hostview
Added ID View "hostview"
  ID View Name: hostview
[root@ipa01 ~]# ipa idoverrideuser-add hostview ipauser1 --login useripa1
Added User ID override "ipauser1"
  Anchor to override: ipauser1
  User login: useripa1

service sssd stop ; rm -fr /var/lib/sss/{db,mc}/* ; service sssd start

[root@ipa01 ~]# ipa idview-apply hostview --hosts ipaclient02.labs01.test
Applied ID View "hostview"
  hosts: ipaclient02.labs01.test
Number of hosts the ID View was applied to: 1

[root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@ipaclient02 ~]# id ipauser1
uid=653800010(useripa1) gid=653800010(ipauser1) groups=653800010(ipauser1),653800012(grp2),653800011(grp1)
Comment 5 errata-xmlrpc 2015-11-19 06:38:24 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.