Bug 636206 - ipa group-show and group-find not listing indirect memberships with nested groups
Summary: ipa group-show and group-find not listing indirect memberships with nested gr...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: 2.0
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-09-21 16:28 UTC by Jenny Severance
Modified: 2015-01-04 23:44 UTC (History)
4 users (show)

Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-28 09:37:03 UTC
Embargoed:

Attachments (Terms of Use)

Description Jenny Severance 2010-09-21 16:28:29 UTC 
Description of problem:
ipa group-show and group-find are only listing direct memberships and not the indirect membership from nested groups ...

<snip>

[root@dhcp-100-3-186 ipa-group-cli]# ipa group-show disneyworld
  Group name: disneyworld
  Description: Top Parent Group
  Member groups: animalkingdom, epcot
  Member users: wdisney

[root@dhcp-100-3-186 ipa-group-cli]# ipa group-show epcot
  Group name: epcot
  Description: Park 2
  Member groups: japan, germany
  Member users: euser1, euser2

[root@dhcp-100-3-186 ipa-group-cli]# ipa group-show germany
  Group name: germany
  Description: Country 1
  Member users: guser1, guser2
[root@dhcp-100-3-186 ipa-group-cli]# ipa group-show japan
  Group name: japan
  Description: Country 2
  Member users: juser1, juser2



[root@dhcp-100-3-186 ipa-group-cli]# ipa group-show animalkingdom
  Group name: animalkingdom
  Description: Park 1
  Member groups: dinasaurs, fish
  Member users: trainer1, trainer2

[root@dhcp-100-3-186 ipa-group-cli]# ipa group-show dinasaurs
  Group name: dinasaurs
  Description: Animal type 1
  Member users: trex, juser1
[root@dhcp-100-3-186 ipa-group-cli]# ipa group-show fish
  Group name: fish
  Description: Animal type 2
  Member users: guser2, mdolphin


</snip>

Version-Release number of selected component (if applicable):
ipa-server-1.91-0.2010091519git5fd09b0.fc12.i686
ipa-admintools-1.91-0.2010091519git5fd09b0.fc12.i686

How reproducible:
always

Steps to Reproduce:
1. add groups and user members as above description and show and/or find each group
2.
3.
  
Actual results:
groups only list direct user and group members.

Expected results:
parent groups would list all direct and indirect user and group members.


Additional info:
Comment 1 Dmitri Pal 2010-09-27 17:36:39 UTC 
From Rob:

I was going to add this as a flag onto the show and find functions so we don't pay for membership by default, if that's ok. --members or something like that. 


Ticket opened:
https://fedorahosted.org/freeipa/ticket/296

Note:
We need to be consistent and do the same for other grouping objects.
Comment 2 Rob Crittenden 2010-10-28 19:24:47 UTC 
master: c25d62965af9dffc655d659dfcd1f39e8d08e66c

To test this do something like:

* Create users user1 and user2
* Create groups g1 and g2
* Add user1 as a member of g1
* Add user2 as a member of g2
* Add g2 as a member of g1
* Show group g1, it should have 2 members: user1 and g2 and one indirect member g2
Note You need to log in before you can comment on or make changes to this bug.