Bug 809560 - Do not create private groups for migrated users
Do not create private groups for migrated users
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa (Show other bugs)
6.3
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Rob Crittenden
IDM QE LIST
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-03 12:23 EDT by Dmitri Pal
Modified: 2015-01-05 06:05 EST (History)
2 users (show)

See Also:
Fixed In Version: ipa-2.2.0-8.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 09:26:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dmitri Pal 2012-04-03 12:23:41 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2604

User private groups should not be created for migrated posix users, their GID points to another group:

{{{
# echo "secret123" | ipa migrate-ds ldap://vm-054.idm.lab.bos.redhat.com --with-compat --base-dn="dc=greyoak,dc=com"
-----------
migrate-ds:
-----------
Migrated:
  user: darcee_leeson, ayaz_kreiger, mollee_weisenberg
  group: ipagroup
Failed user:
Failed group:
----------
Passwords have been migrated in pre-hashed format.
IPA is unable to generate Kerberos keys unless provided
with clear text passwords. All migrated users need to
login at https://your.domain/ipa/migration/ before they
can use their Kerberos accounts.

# ipa user-show darcee_leeson
  User login: darcee_leeson
  First name: Darcee
  Last name: Leeson
  Home directory: /home/Darcee_Leeson
  Email address: Darcee_Leeson@greyoak.com
  UID: 11731
  GID: 21731         <<<<<<<<<
  Telephone Number: +1 804 913-8558
  Org. Unit: Product Testing
  Job Title: Supreme Product Testing Visionary
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: False
# ipa group-show darcee_leeson
  Group name: darcee_leeson
  Description: User private group for darcee_leeson
  GID: 11731        <<<<<<<<<
}}}
Comment 1 Rob Crittenden 2012-04-04 11:35:28 EDT
fixed upstream.

master: b55c98f1c5b0d46aba3f1792ebd8ecc059173b6a

ipa-2-2: b98342ae6e60920c88e0979a84705874d59a0f3d
Comment 4 Jenny Galipeau 2012-04-23 11:24:51 EDT
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz809560 Do not create private groups for migrated users
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Verify user 'puser1' does not have a private group
:: [   PASS   ] :: Verify user 'puser2' does not have a private group
:: [   PASS   ] :: Verify user 'philomena_hazen' does not have a private group
:: [   LOG    ] :: Duration: 7s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: bz809560 Do not create private groups for migrated users


version :: ipa-server-2.2.0-10.el6.x86_64
Comment 6 Martin Kosek 2012-04-25 07:24:28 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 8 errata-xmlrpc 2012-06-20 09:26:31 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html

Note You need to log in before you can comment on or make changes to this bug.