Hide Forgot
Description of problem: ipa delegation-add works if --membergroup entry does not exist. It should fail in this scenario like it does when --group entry does not exist. # ipa group-find dnegroup ---------------- 0 groups matched ---------------- ---------------------------- Number of entries returned 0 ---------------------------- # ipa delegation-add newdelegation --membergroup=dnegroup --group=ipausers --attrs=l -------------------------------- Added delegation "newdelegation" -------------------------------- Delegation name: newdelegation Permissions: write Attributes: l Member user group: dnegroup User group: ipausers Version-Release number of selected component (if applicable): ipa-server-2.2.0-101.20120118T0229zgitbb854ce.el6.x86_64 ipa-admintools-2.2.0-101.20120118T0229zgitbb854ce.el6.x86_64 389-ds-base-libs-1.2.9.14-1.el6.x86_64 389-ds-base-1.2.9.14-1.el6.x86_64 How reproducible: always Steps to Reproduce: 1. make sure dnegroup group does not exist (ipa group-find dnegroup) 2. ipa delegation-add newdelegation --membergroup=dnegroup --group=ipausers --attrs=l Actual results: delegation newdelegation is created: # ipa delegation-add newdelegation --membergroup=dnegroup --group=ipausers --attrs=l -------------------------------- Added delegation "newdelegation" -------------------------------- Delegation name: newdelegation Permissions: write Attributes: l Member user group: dnegroup User group: ipausers Expected results: delegation-add command should fail similar to how it does when --group entry does not exist. Additional info:
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2286
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/616d543a54833a1fde6b0098d91ac0f4e14f7a57 ipa-2-2: https://fedorahosted.org/freeipa/changeset/93a1a3805369048f87e4328f421e156c8ebac07f
*** Bug 783548 has been marked as a duplicate of this bug. ***
Verified. Version :: ipa-server-2.2.0-4.el6.x86_64 Automated Test Results :: Bug found in test. Partially failed due to bug in test (not in software). Results here anyway. This is being fixed in the test automation to expect return code 2 instead of 1. :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: delegation_bz_783307: ipa delegation-add is not failing when membergroup does not exist :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Add group required for test :: [ FAIL ] :: Add delegation with non-existent membergroup (Expected 1, got 2) :: [ PASS ] :: BZ 783307 not found Manual Test Results :: [root@hp-xw6600-01 ipa-delegation-cli]# ipa group-add --desc=gr1000 gr1000 -------------------- Added group "gr1000" -------------------- Group name: gr1000 Description: gr1000 GID: 588200006 [root@hp-xw6600-01 ipa-delegation-cli]# ipa delegation-add bz783307 --membergroup=badgroup --group=gr1000 --attrs=mobile ipa: ERROR: badgroup: group not found [root@hp-xw6600-01 ipa-delegation-cli]# ipa delegation-show bz783307 ipa: ERROR: ACI with name "bz783307" not found
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html