#1519 membership of IPA hostgroups is not evaluated when treating them as netgroups
Closed: Fixed None Opened 11 years ago by pbrezina.

IPA hostgroup is also represented as a netgroup. SSSD does not longer evaluate it's membership. This seems to be broken by fdab7bb.

Host group:

  Host-group: hostgroup-1
  Description: Testing hostgroup.
  Member hosts: vm-129.idm.lab.bos.redhat.com, vm-134.idm.lab.bos.redhat.com, vm-085.idm.lab.bos.redhat.com
  Member of Sudo rule: hostgroup-test

This hostgroup is also represented as netgroup in LDAP:

dn: cn=hostgroup-1,cn=ng,cn=alt,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
cn: hostgroup-1
ipaUniqueID: b55292f2-f828-11e1-96b6-001a4a104ea6
description: ipaNetgroup hostgroup-1
memberHost: cn=hostgroup-1,cn=hostgroups,cn=accounts,dc=idm,dc=lab,dc=bos,dc
 =redhat,dc=com
mepManagedBy: cn=hostgroup-1,cn=hostgroups,cn=accounts,dc=idm,dc=lab,dc=bos,
 dc=redhat,dc=com
nisDomainName: idm.lab.bos.redhat.com

Expected result:

$ getent netgroup hostgroup-1
hostgroup-1           (vm-085.idm.lab.bos.redhat.com, -, idm.lab.bos.redhat.com) (vm-134.idm.lab.bos.redhat.com, -, idm.lab.bos.redhat.com) (vm-129.idm.lab.bos.redhat.com, -, idm.lab.bos.redhat.com)

Actual result:

$ getent netgroup hostgroup-1
hostgroup-1

A regression should be an RC1 blocker.

priority: major => blocker

master: 5e9bc89

milestone: NEEDS_TRIAGE => SSSD 1.9.0 RC1
owner: somebody => pbrezina

Fields changed

resolution: => fixed
status: new => closed

Fields changed

rhbz: => 0

Metadata Update from @pbrezina:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.0 RC1

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2561

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata