#1519 membership of IPA hostgroups is not evaluated when treating them as netgroups
Closed: Fixed None Opened 7 years ago by pbrezina.

IPA hostgroup is also represented as a netgroup. SSSD does not longer evaluate it's membership. This seems to be broken by fdab7bb.

Host group:

  Host-group: hostgroup-1
  Description: Testing hostgroup.
  Member hosts: vm-129.idm.lab.bos.redhat.com, vm-134.idm.lab.bos.redhat.com, vm-085.idm.lab.bos.redhat.com
  Member of Sudo rule: hostgroup-test

This hostgroup is also represented as netgroup in LDAP:

dn: cn=hostgroup-1,cn=ng,cn=alt,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
cn: hostgroup-1
ipaUniqueID: b55292f2-f828-11e1-96b6-001a4a104ea6
description: ipaNetgroup hostgroup-1
memberHost: cn=hostgroup-1,cn=hostgroups,cn=accounts,dc=idm,dc=lab,dc=bos,dc
 =redhat,dc=com
mepManagedBy: cn=hostgroup-1,cn=hostgroups,cn=accounts,dc=idm,dc=lab,dc=bos,
 dc=redhat,dc=com
nisDomainName: idm.lab.bos.redhat.com

Expected result:

$ getent netgroup hostgroup-1
hostgroup-1           (vm-085.idm.lab.bos.redhat.com, -, idm.lab.bos.redhat.com) (vm-134.idm.lab.bos.redhat.com, -, idm.lab.bos.redhat.com) (vm-129.idm.lab.bos.redhat.com, -, idm.lab.bos.redhat.com)

Actual result:

$ getent netgroup hostgroup-1
hostgroup-1

A regression should be an RC1 blocker.

priority: major => blocker

master: 5e9bc89

milestone: NEEDS_TRIAGE => SSSD 1.9.0 RC1
owner: somebody => pbrezina

Fields changed

resolution: => fixed
status: new => closed

Fields changed

rhbz: => 0

Metadata Update from @pbrezina:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.0 RC1

2 years ago

Login to comment on this ticket.

Metadata