Hide Forgot
Description of problem: Running the command below more than once: ipa sudorule-add-user --users=user1,user2 SudoRule1 where user1 is an IPA user, and user2 is an external user gives different errors for the two users. For the IPA user - error is - member user: user1: This entry is already a member but for the external user, error is - member user: user2: no such entry Version-Release number of selected component (if applicable): ipa-server-2.1.1-4.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Add User user1, and a sudo rule SudoRule1 2. Run: ipa sudorule-add-user --users=user1,user2 SudoRule1 3. Run the command again Actual results: indicates user1 is already a member, but for user2 - that "no such entry" Expected results: indicate both users are members already Additional info: This is the error thrown in UI as well, and can be confusing.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/1884
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/304b70843a96ce2e4effbc1d45144f79fd761d63 ipa-2-2: https://fedorahosted.org/freeipa/changeset/994ec02b3f50c410b0401225a4be997e63dacd0a
[root@wheeljack ~]# ipa user-add user1 --first user1 --last ping ------------------ Added user "user1" ------------------ User login: user1 First name: user1 Last name: ping Full name: user1 ping Display name: user1 ping Initials: up Home directory: /home/user1 GECOS field: user1 ping Login shell: /bin/sh Kerberos principal: user1.PNQ.REDHAT.COM UID: 1956600001 GID: 1956600001 Password: False Kerberos keys available: False [root@wheeljack ~]# ipa sudorule-add Sudorule1 --------------------------- Added Sudo Rule "Sudorule1" --------------------------- Rule name: Sudorule1 Enabled: TRUE [root@wheeljack ~]# ipa sudorule-add-user --users=user1,user2 Sudorule1 Rule name: Sudorule1 Enabled: TRUE Users: user1 External User: user2 ------------------------- Number of members added 2 ------------------------- [root@wheeljack ~]# ipa sudorule-add-user --users=user1,user2 Sudorule1 Rule name: Sudorule1 Enabled: TRUE Users: user1 External User: user2 Failed users/groups: member user: user1: This entry is already a member member user: user2: This entry is already a member member group: ------------------------- Number of members added 0 ------------------------- [root@wheeljack ~]# Output gives expected result. Verified in version ipa-server-2.2.0-8.el6.x86_64
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html