Bug 678778
| Summary: | IPA provider does not update removed group memberships on initgroups | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Stephen Gallagher <sgallagh> |
| Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 5.7 | CC: | benl, dpal, grajaiya, jgalipea, msvoboda, prc |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.5.1-10.el5 | Doc Type: | Bug Fix |
| Doc Text: | When performing an initgroups() request on a user, the IPA provider did not properly remove group memberships from the local cache when they were removed from the IPA server. With this update, a removed group is no longer present in the local cache. | Story Points: | --- |
| Clone Of: | 678777 | Environment: | |
| Last Closed: | 2011-07-21 08:09:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 678777 | ||
| Bug Blocks: | |||
Description
Stephen Gallagher
2011-02-19 14:57:52 UTC
1) Add an ipa user

    # ipa user-add --first Mickey --last Mouse mmouse
    -------------------
    Added user "mmouse"
    -------------------
    User login: mmouse
    First name: Mickey
    Last name: Mouse
    Full name: Mickey Mouse
    Display name: Mickey Mouse
    Initials: MM
    Home directory: /home/mmouse
    GECOS field: mmouse
    Login shell: /bin/sh
    Kerberos principal: mmouse@TESTRELM
    UID: 239400006

2) Add an ipa group

    # ipa group-add --desc disney mice
    ------------------
    Added group "mice"
    ------------------
    Group name: mice
    Description: disney
    GID: 239400007

3) Add user to the group

    # ipa group-add-member --users=mmouse mice
    Group name: mice
    Description: disney
    GID: 239400007
    Member users: mmouse
    -------------------------
    Number of members added 1

4) On client id user

    # id mmouse
    uid=239400006(mmouse) gid=239400006(mmouse) groups=239400006(mmouse),239400005(mygroup),239400001(ipausers),239400007(mice) context=root:system_r:unconfined_t:SystemLow-SystemHigh

5) Remove the user from the group

    # ipa group-remove-member --users=mmouse mice
    Group name: mice
    Description: disney
    GID: 239400007
    ---------------------------
    Number of members removed 1

6) Login to client as the user

7) On client id user

    # id mmouse
    uid=239400006(mmouse) gid=239400006(mmouse) groups=239400006(mmouse),239400005(mygroup),239400001(ipausers),239400007(mice) context=root:system_r:unconfined_t:SystemLow-SystemHigh

SERVER :
RHEL 6.1
ipa-server-2.0.0-23.el6.x86_64

CLIENT :
RHEL 5.7
sssd-1.5.1-35.el5
ipa-client-2.0-14.el5
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
When performing an initgroups() request on a user, the IPA provider did not properly remove group memberships from the local cache when they were removed from the IPA server. With this update, a removed group is no longer present in the local cache.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0975.html
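
A check for the behaviour this bug describes, as an added example that is not part of the original report or of SSSD's code: it parses `id` output and lists the groups the client still reports that the server no longer grants. The function names, the server-side GID set and the "expected" client line are assumptions, constructed from the values in the reproduction steps.

```python
import re

# One entry of the groups= field: "gid(name)", or a bare "gid" when the
# name could not be resolved on the client.
_ENTRY_RE = re.compile(r"(\d+)(?:\(([^)]*)\))?")


def parse_id_groups(id_output):
    """Return {gid: name-or-None} from one line of `id <user>` output."""
    field = re.search(r"\bgroups=(\S+)", id_output)
    if field is None:
        raise ValueError("no groups= field in id output")
    groups = {}
    for entry in field.group(1).split(","):
        m = _ENTRY_RE.fullmatch(entry)
        if m is None:
            raise ValueError("unparseable group entry: %r" % entry)
        groups[int(m.group(1))] = m.group(2)
    return groups


def stale_memberships(id_output, server_gids):
    """List (gid, name) pairs the client reports but the server does not grant."""
    client = parse_id_groups(id_output)
    return sorted((gid, name) for gid, name in client.items()
                  if gid not in server_gids)


# Step 7 output from the report (client on the affected build).
ID_AFTER_REMOVAL = (
    "uid=239400006(mmouse) gid=239400006(mmouse) "
    "groups=239400006(mmouse),239400005(mygroup),239400001(ipausers),"
    "239400007(mice) context=root:system_r:unconfined_t:SystemLow-SystemHigh"
)
# Constructed: what a client without the bug would print after step 5.
ID_EXPECTED = (
    "uid=239400006(mmouse) gid=239400006(mmouse) "
    "groups=239400006(mmouse),239400005(mygroup),239400001(ipausers) "
    "context=root:system_r:unconfined_t:SystemLow-SystemHigh"
)
# Constructed from the report: step 4 membership minus mice (GID 239400007).
SERVER_GIDS = {239400006, 239400005, 239400001}

if __name__ == "__main__":
    print(stale_memberships(ID_AFTER_REMOVAL, SERVER_GIDS))
    print(stale_memberships(ID_EXPECTED, SERVER_GIDS))
```

A non-empty result after a membership has been removed on the server means the client cache still grants that group to the user.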