RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 874671 - ipa group-add-member missing error message when adding duplicate external members
Summary: ipa group-add-member missing error message when adding duplicate external mem...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
: 920702 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-11-08 15:51 UTC by Scott Poore
Modified: 2014-09-18 11:30 UTC (History)
5 users (show)

Fixed In Version: ipa-3.2.1-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-13 09:33:05 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Scott Poore 2012-11-08 15:51:41 UTC
Description of problem:

From xdong's description in bug #869616:

2> when adding duplicate AD user behaviour is different from regular duplicate user
 
# ipa group-add-member --user=ttt aa
  Group name: aa
  Description: aaa
  External member: s-1-5-21-2048782538-2375889789-2933420090-1175, s-1-5-21-2048782538-2375889789-2933420090-1176,
                   s-1-5-21-2048782538-2375889789-2933420090-1179, s-1-5-21-2048782538-2375889789-2933420090-1155,
                   s-1-5-21-2048782538-2375889789-2933420090-1100
  Member users: ttt
  Member groups: ttt
  Failed members:
    member user: ttt: This entry is already a member
    member group:
-------------------------
Number of members added 0
-------------------------

# ipa group-add-member --external=s-1-5-21-2048782538-2375889789-2933420090-1175 aa
[member user]:
[member group]:
  Group name: aa
  Description: aaa
  External member: s-1-5-21-2048782538-2375889789-2933420090-1175, s-1-5-21-2048782538-2375889789-2933420090-1176,
                   s-1-5-21-2048782538-2375889789-2933420090-1179, s-1-5-21-2048782538-2375889789-2933420090-1155,
                   s-1-5-21-2048782538-2375889789-2933420090-1100
  Member users: ttt
  Member groups: ttt
-------------------------
Number of members added 0
-------------------------

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-106.20121106T0229zgit881fc3a.el6.x86_64

How reproducible:
always


Steps to Reproduce:
1.  Setup IPA Master with trust to AD domain
2.  ipa group-add groupname --desc=desc --external
3.  ipa group-add-member groupname --external <SID|AD\name|name.com>
4.  ipa group-add-member groupname --external <SID|AD\name|name.com>
  
Actual results:
nothing added but, does not show "This entry is already a member" message like with normal user/group members.

Expected results:
Shows the same error message.

Additional info:

Comment 2 Dmitri Pal 2012-11-13 14:19:55 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3254

Comment 4 Rob Crittenden 2013-03-14 18:05:17 UTC
*** Bug 920702 has been marked as a duplicate of this bug. ***

Comment 5 Rob Crittenden 2013-03-14 18:08:58 UTC
Fixed in master, re-pointing to the 7.0 release (with Namita's blessing).

master: 66356f0daf2a55c7e64dc648e0f8c765e9a56151

When adding a duplicate member to a group, an error message is issued, informing the user that the entry is already a member of the group. Similarly, when trying to delete an entry which is not a member, an error message is issued, informing the user that the entry is not a member of the group. These error messages were missing in case of external members.

This patch also adds support for using the AD\name or name.com format in ipa group-remove-member command.

Comment 8 Scott Poore 2013-08-22 18:09:35 UTC
Verified.

Version :: 
ipa-server-3.3.0-7.el7.x86_64

Manually run automated test results ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa_trust_func_BZ874671:  ipa group-add-member missing error message when adding duplicate external members
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

---------------------------------------
Added group "ipa_trunc_func_bug_874671"
---------------------------------------
  Group name: ipa_trunc_func_bug_874671
  Description: desc
:: [   PASS   ] :: Running 'ipa group-add --desc=desc ipa_trunc_func_bug_874671 --external' (Expected 0, got 0)
  Group name: ipa_trunc_func_bug_874671
  Description: desc
  External member: S-1-5-21-1111600086-3918383388-1921175064-513
-------------------------
Number of members added 1
-------------------------
:: [   PASS   ] :: Running 'ipa group-add-member ipa_trunc_func_bug_874671 --users '' --groups '' --external 'AD1\Domain Users'' (Expected 0, got 0)
:: [   PASS   ] :: Running 'ipa group-add-member ipa_trunc_func_bug_874671 --users '' --groups '' --external 'AD1\Domain Users' > /tmp/ipa_trunc_func_bug_874671.tmpout 2>&1' (Expected 1, got 1)
  Group name: ipa_trunc_func_bug_874671
  Description: desc
  External member: S-1-5-21-1111600086-3918383388-1921175064-513
  Failed members: 
    member user: 
    member group: S-1-5-21-1111600086-3918383388-1921175064-513: This entry is already a member
-------------------------
Number of members added 0
-------------------------
:: [   PASS   ] :: Running 'cat /tmp/ipa_trunc_func_bug_874671.tmpout' (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/ipa_trunc_func_bug_874671.tmpout' should contain 'This entry is already a member' 
:: [   PASS   ] :: BZ 874671 not found 
:: [ 14:08:12 ] ::  Cleaning up after test
-----------------------------------------
Deleted group "ipa_trunc_func_bug_874671"
-----------------------------------------
:: [   PASS   ] :: Running 'ipa group-del ipa_trunc_func_bug_874671' (Expected 0, got 0)

Comment 9 Ludek Smid 2014-06-13 09:33:05 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.


Note You need to log in before you can comment on or make changes to this bug.