Description of problem:
I add a host to a sudorule, then I add the host to the system. Searching for that host with ipa host-find --in-sudorule=<sudorule> then returns zero results.

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-2.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. kinit as admin
2. ipa sudorule-add srule
3. ipa sudorule-add-host --hosts=h.testrelm.com srule
4. ipa host-add --ip-address=4.2.2.2 h.testrelm.com
5. ipa host-find --in-sudorule srule

Actual results:
[root@ipaqavmc ipa-host-cli]# ipa host-find --in-sudorule srule
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0
----------------------------

Expected results:
I expect the search to return h.testrelm.com

Additional info:
I am adding the host to the sudorule before the host exists. Searching for the host works properly if it is added to the sudorule in the correct order.
I do not think this is a bug. When you add a host that's not enrolled in IPA, it is considered as an External host and is also stored in a different LDAP attribute (externalHost) than regular IPA hosts (memberHost with DN to IPA host). If you use the correct order or remove/add your host to srule, it should be added as a standard IPA host and host-find --in-sudorule will work.
I see no objections, closing as NOTABUG.
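The externalHost/memberHost split described in the reply above can be audited offline. The following is an added example, not part of the original report or of IPA's own code: it parses a constructed sudo rule entry and lists external host names that have since been enrolled and therefore need a remove/add to become regular members. The entry DN, the ipaUniqueID value, the enrolled-host set and the hosts other than h.testrelm.com are assumptions made for illustration.

```python
# Constructed sample data: the rule entry and enrolled-host set are illustrative.
RULE_LDIF = """\
dn: ipaUniqueID=constructed-0001,cn=sudorules,cn=sudo,dc=testrelm,dc=com
cn: srule
externalHost: h.testrelm.com
externalHost: legacy.example.net
memberHost: fqdn=web1.testrelm.com,cn=computers,cn=accounts,dc=testrelm,dc=com
"""
ENROLLED = {"h.testrelm.com", "web1.testrelm.com"}


def parse_entry(ldif):
    """Parse one unwrapped, non-base64 LDIF entry into {attr_lower: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def fqdn_from_dn(dn):
    """Return the fqdn= value of the first RDN of a host DN, or None."""
    first_rdn = dn.split(",", 1)[0]
    key, _, value = first_rdn.partition("=")
    return value.lower() if key.strip().lower() == "fqdn" else None


def classify_hosts(entry, enrolled):
    """Split a sudo rule's hosts by the attribute they are stored in."""
    members = sorted(filter(None, (fqdn_from_dn(d) for d in entry.get("memberhost", []))))
    external = sorted(h.lower() for h in entry.get("externalhost", []))
    enrolled = {h.lower() for h in enrolled}
    return {
        "member": members,      # DN references: found by host-find --in-sudorule
        "external": external,   # plain names: not found by that search
        "shadowed": [h for h in external if h in enrolled],  # enrolled later; remove/add
    }


if __name__ == "__main__":
    for kind, hosts in classify_hosts(parse_entry(RULE_LDIF), ENROLLED).items():
        print(f"{kind}: {', '.join(hosts) or '-'}")
```

A non-empty "shadowed" list is the situation in this report: the name is in the rule, but only as an external host.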