Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 652762

Summary: Associated Services for an HBAC Rule are not returned with hbac-show
Product: [Retired] freeIPA Reporter: Jenny Severance <jgalipea>
Component: ipa-admintoolsAssignee: Rob Crittenden <rcritten>
Status: CLOSED NEXTRELEASE QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: low    
Version: 2.0CC: benl, dpal, jgalipea, jzeleny
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-03 07:33:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jenny Severance 2010-11-12 17:46:29 UTC 
Description of problem:
hbac-add-service --hbacsvcs is successful and the membership is added to ldap,
however executing the hbac-show command does not return the associated service.

ldap object:

# 192ede82-1dd211b2-99aed799-3dad0000, hbac, testrelm
dn: ipaUniqueID=192ede82-1dd211b2-99aed799-3dad0000,cn=hbac,dc=testrelm
objectClass: ipaassociation
objectClass: ipahbacrule
accessRuleType: allow
ipaEnabledFlag: TRUE
cn: myrule
ipaUniqueID: 192ede82-1dd211b2-99aed799-3dad0000
memberService: cn=sshd,cn=hbacservices,cn=accounts,dc=testrelm

command result:

[root@dhcp-100-2-213 ipa-hbac-cli]# ipa hbac-show myrule
  Rule name: myrule
  Rule type: allow
  Enabled: TRUE


Version-Release number of selected component (if applicable):
ipa-server-1.91-0.2010110118git813dfe5.fc12.i686
ipa-admintools-1.91-0.2010110118git813dfe5.fc12.i686


How reproducible:
always

Steps to Reproduce:

1. Add an HBAC Rule
   # ipa hbac-add --type=deny myrule
2. Associate a service with the rule
   # ipa hbac-add-service --hbacsvcs=sshd myrule
3. Verify the service was associated with the show command
   # ipa hbac-show myrule
  
Actual results:
  Rule name: myrule
  Rule type: allow
  Enabled: TRUE

Expected results:
  Rule name: myrule
  Rule type: allow
  Enabled: TRUE
  Services: sshd

Additional info:
Comment 1 Dmitri Pal 2010-11-12 22:08:19 UTC 
https://fedorahosted.org/freeipa/ticket/495
Comment 2 Jan Zeleny 2010-12-03 07:33:27 UTC 
The patch has been pushed to git repo, it will be available in the next version.