Bug 1261485 - [RFE] SID blacklists [incoming/outgoing] is not displayed using command line.
Status: ASSIGNED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.2
Hardware: Unspecified Linux
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Assigned To: IPA Maintainers
QA Contact: Namita Soman
Keywords: FutureFeature
Reported: 2015-09-09 08:24 EDT by Sudhir Menon
Modified: 2017-04-19 11:59 EDT

Doc Type: Enhancement
Type: Bug

Description Sudhir Menon 2015-09-09 08:24:34 EDT
Description of problem: Need command to display SID blacklists [incoming/outgoing] 

Version-Release number of selected component (if applicable):


How reproducible: Always


Steps to Reproduce:
1. Log in to the IPA server
2. sudo ipa-adtrust-install 
3. Ensure that the trust is established successfully.
4. Check the output


Actual results:
4. When the trust is added successfully, the output displays both incoming/outgoing SIDs

[root@ipaserver ~]# ipa trust-add 
Realm name: testqa.in
Active Directory domain administrator: administrator
Active Directory domain administrator's password: 
--------------------------------------------------
Added Active Directory trust for realm "testqa.in"
--------------------------------------------------
  Realm name: testqa.in
  Domain NetBIOS name: TESTQA
  Domain Security Identifier: S-1-5-21-1521174288-3006602325-1802481311

  SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18

  SID blacklist outgoing: S-1-5-20, S-1-5-3, S-1-5-2, S-1-5-1, S-1-5-7, S-1-5-6, S-1-5-5, S-1-5-4, S-1-5-9, S-1-5-8, S-1-5-17, S-1-5-16, S-1-5-15, S-1-5-14, S-1-5-13, S-1-5-12, S-1-5-11, S-1-5-10, S-1-3, S-1-2, S-1-1, S-1-0, S-1-5-19, S-1-5-18

  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified


Expected results:

1. The SIDs are shown only when the trust is added, and if we want to check the SIDs using the command line, there is no such command-line option except seeing them in the web UI.

2. The 'ipa trust-show' command can include the output for SIDs.

Hence logging the RFE for the command-line tool.

Additional info:
Comment 2 Petr Vobornik 2015-09-09 12:49:32 EDT
`ipa trust-show <name> --all` can be used as a workaround.
Comment 3 Petr Vobornik 2015-09-09 12:50:25 EDT
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5291
Comment 4 Petr Vobornik 2017-04-06 12:16:27 EDT
IdM team doesn't have capacity to implement this RFE for RHEL 7.4. Moving to next RHEL version. Implementing the RFE there will depend on capacity of FreeIPA upstream. Without sufficient justification there is a chance that it will be moved again later.
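
An added example (not part of the bug report and not FreeIPA code): a parser for the blacklist fields as printed in the output quoted in the description, so that text captured from the `ipa trust-show <name> --all` workaround in comment 2 can be compared against a recorded baseline. It assumes `trust-show --all` prints the same "SID blacklist incoming/outgoing" labels as the `trust-add` output above; `parse_blacklists`, `drift`, the sample text and the baseline are constructed for illustration.

```python
import re

# Constructed sample: uses the field labels from the trust-add output quoted in
# this bug; assumed (not confirmed here) to match `ipa trust-show --all`.
SAMPLE = """\
  Realm name: testqa.in
  Domain NetBIOS name: TESTQA
  SID blacklist incoming: S-1-5-20, S-1-5-3, S-1-0,
S-1-5-19, S-1-5-18
  SID blacklist outgoing: S-1-5-20, S-1-5-3,S-1-0, S-1-5-18
  Trust direction: Trusting forest
"""

SID_RE = re.compile(r"S-1(?:-\d+)+")
FIELD_RE = re.compile(r"^\s*SID blacklist (incoming|outgoing):(.*)$")
LABEL_RE = re.compile(r"^\s*[A-Za-z][^:]*:(?:\s|$)")  # any other "Label: value"


def parse_blacklists(text):
    """Return {'incoming': set, 'outgoing': set} of SIDs found in text.

    Handles values wrapped onto the next line and missing spaces after commas,
    both of which occur in the output pasted in this report.
    """
    lists = {"incoming": set(), "outgoing": set()}
    current = None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            current = m.group(1)
            lists[current].update(SID_RE.findall(m.group(2)))
        elif LABEL_RE.match(line) or not line.strip():
            current = None  # a new field or a blank line ends a wrapped value
        elif current:
            lists[current].update(SID_RE.findall(line))
    return lists


def drift(lists, baseline):
    """Per direction: baseline SIDs now missing, and SIDs not in the baseline."""
    return {d: {"missing": sorted(baseline - s), "extra": sorted(s - baseline)}
            for d, s in lists.items()}


if __name__ == "__main__":
    # Constructed baseline; in practice, record it from the trust-add output.
    baseline = {"S-1-5-20", "S-1-5-3", "S-1-0", "S-1-5-19", "S-1-5-18"}
    for direction, diff in drift(parse_blacklists(SAMPLE), baseline).items():
        print(direction, diff)
```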
