Bug 805546 - when adding a user with --noprivate option gidNumber should be required
Summary: when adding a user with --noprivate option gidNumber should be required
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.3
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-03-21 14:53 UTC by Jenny Severance
Modified: 2015-01-21 20:04 UTC (History)
1 user (show)

Fixed In Version: ipa-2.2.0-9.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2012-06-20 13:25:19 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0819 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2012-06-19 20:34:17 UTC

Description Jenny Severance 2012-03-21 14:53:47 UTC 
Description of problem:

When adding a user with --noprivate (don't add private user group ) the user's gidNumber should be set to the gidNumber ipausers, right now it is being set to the user's gidNumber like there was a private group added.

ipa user-add --first=test --last=test --noprivate test
-----------------
Added user "test"
-----------------
  User login: test
  First name: test
  Last name: test
  Full name: test test
  Display name: test test
  Initials: tt
  Home directory: /home/test
  GECOS field: test test
  Login shell: /bin/sh
  Kerberos principal: test
  UID: 404600032
  GID: 404600032   <========================================================
  Password: False
  Kerberos keys available: False

# ipa group-find --private test
----------------
0 groups matched
----------------
----------------------------
Number of entries returned 0



Version-Release number of selected component (if applicable):
ipa-server-2.2.0-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. See description
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Jenny Severance 2012-03-21 15:05:21 UTC 
Can not set to ipausers, as the default is now non-posix and it doesn't have a gidNumber .... add should fail with gidNumber required
Comment 2 Jenny Severance 2012-03-21 16:38:44 UTC 
The following automated tests were added ::


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-user-add-052: user gidnumber defaults to upg gidnumber which matches user uidnumber
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test testusr'
:: [   PASS   ] :: User gidnumber matches user uidnumber.  uidNumber: 404600090  gidNumber: 404600090
:: [   LOG    ] :: Duration: 13s
:: [   LOG    ] :: Assertions: 2 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-user-add-052: user gidnumber defaults to upg gidnumber which matches user uidnumber

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-user-add-053: --noprivate group specified gidnumber exists - default group non-posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test --noprivate --gidnumber=404600091 testusr'
:: [   PASS   ] :: Make sure private group not added
:: [   PASS   ] :: User's gidnumber as expected.
:: [   LOG    ] :: Duration: 22s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-user-add-053: --noprivate group specified gidnumber exist - ipausers non-posix

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 --noprivate group specified gid number does not exist - default group non-posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Executing: ipa user-add --first=test --last=test --noprivate --gidnumber=123 testusr
:: [   LOG    ] :: ERROR: Expected "ipa user-add --first=test --last=test --noprivate --gidnumber=123 testusr" to fail.
:: [   FAIL   ] :: Verify expected error message. (Expected 0, got 1)
:: [   LOG    ] :: Duration: 7s
:: [   LOG    ] :: Assertions: 0 good, 1 bad
:: [   FAIL   ] :: RESULT: ipa-user-add-054: --noprivate group specified gid number does not exist - default group non-posix

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 --noprivate gidnumber not specifiec - default group posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Change default group to testgrp gidnumber: 404600094
:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test --noprivate testusr'
:: [   PASS   ] :: Make sure private group not added
:: [   FAIL   ] :: User's gidnumber not as expected.  Expected: 404600094  Got: 404600095 
:: [   LOG    ] :: Duration: 25s
:: [   LOG    ] :: Assertions: 3 good, 1 bad
:: [   FAIL   ] :: RESULT: ipa-user-add-055: --noprivate gidnumber not specifiec - default group posix

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 when adding a user with --noprivate option the gidNumber should be required
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Executing: ipa user-add --first=test --last=test --noprivate testusr
:: [   LOG    ] :: ERROR: Expected "ipa user-add --first=test --last=test --noprivate testusr" to fail.
:: [   FAIL   ] :: Verify expected error message. (Expected 0, got 1)
:: [   LOG    ] :: Duration: 7s
:: [   LOG    ] :: Assertions: 0 good, 1 bad
:: [   FAIL   ] :: RESULT: bz805546 when adding a user with --noprivate option the gidNumber should be required
Comment 3 Martin Kosek 2012-03-22 08:40:04 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2572
Comment 4 Martin Kosek 2012-04-05 13:06:11 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/cdebb29fecdd959808b4f0ea0245e371eba06eae
ipa-2-2: https://fedorahosted.org/freeipa/changeset/811faafeecbbba7cc8a16ad7b16d2a64643f3202
Comment 8 Martin Kosek 2012-04-25 09:41:12 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 9 Jenny Severance 2012-05-03 14:01:16 UTC 
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-user-add-052: user gidnumber defaults to upg gidnumber which matches user uidnumber
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test testusr'
:: [   PASS   ] :: User gidnumber matches user uidnumber.  uidNumber: 1895200026  gidNumber: 1895200026
:: [   LOG    ] :: Duration: 8s
:: [   LOG    ] :: Assertions: 2 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-user-add-052: user gidnumber defaults to upg gidnumber which matches user uidnumber

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-user-add-053: --noprivate group specified gidnumber exists - default group non-posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test --noprivate --gidnumber=1895200027 testusr'
:: [   PASS   ] :: Make sure private group not added
:: [   PASS   ] :: User's gidnumber as expected.
:: [   LOG    ] :: Duration: 14s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-user-add-053: --noprivate group specified gidnumber exists - default group non-posix


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 --noprivate group specified gid number does not exist - default group non-posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test --noprivate --gidnumber=123 testusr'
:: [   PASS   ] :: Make sure private group not added
:: [   PASS   ] :: User's gidnumber as expected.
:: [   PASS   ] :: Running 'ipa user-del testusr'
:: [   LOG    ] :: Duration: 8s
:: [   LOG    ] :: Assertions: 4 good, 0 bad
:: [   PASS   ] :: RESULT: bz805546 --noprivate group specified gid number does not exist - default group non-posix

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 --noprivate gidnumber not specifiec - default group posix
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Change default group to testgrp gidnumber: 1895200031
:: [   PASS   ] :: Running 'ipa user-add --first=test --last=test --noprivate testusr'
:: [   PASS   ] :: Make sure private group not added
:: [   PASS   ] :: User's gidnumber as expected.
:: [   LOG    ] :: Duration: 18s
:: [   LOG    ] :: Assertions: 4 good, 0 bad
:: [   PASS   ] :: RESULT: bz805546 --noprivate gidnumber not specifiec - default group posix

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz805546 when adding a user with --noprivate option the gidNumber should be required
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Executing: ipa user-add --first=test --last=test --noprivate testusr
:: [   LOG    ] :: "ipa user-add --first=test --last=test --noprivate testusr" failed as expected.
:: [   PASS   ] :: Error message as expected: ipa: ERROR: Default group for new users is not POSIX
:: [   PASS   ] :: Verify expected error message.
:: [   LOG    ] :: Duration: 6s
:: [   LOG    ] :: Assertions: 2 good, 0 bad
:: [   PASS   ] :: RESULT: bz805546 when adding a user with --noprivate option the gidNumber should be required


version ::

ipa-server-2.2.0-11.el6
Comment 11 errata-xmlrpc 2012-06-20 13:25:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html
Note You need to log in before you can comment on or make changes to this bug.