#2481 ID Views implementation does not support IPA user&group overrides
Closed: Fixed None Opened 5 years ago by mkosek.

FreeIPA configuration set via CLI:

# ipa idview-show test --all --show-hosts
  dn: cn=test,cn=views,cn=accounts,dc=mkosek-f21,dc=test
  ID View Name: test
  Description: test
  User object overrides: fbar
  Hosts the view applies to: ipa.mkosek-f21.test, client.mkosek-f21.test
  objectclass: ipaIDView, top, nsContainer

# ipa idoverrideuser-find test --all --raw
--------------------------
1 User ID override matched
--------------------------
  dn: ipaanchoruuid=:IPA:mkosek-f21.test:a645b822-63bd-11e4-8f92-001a4a104e33,cn=test,cn=views,cn=accounts,dc=mkosek-f21,dc=test
  ipaanchoruuid: :IPA:mkosek-f21.test:a645b822-63bd-11e4-8f92-001a4a104e33
  uidnumber: 1000
  homedirectory: /foo/bar
  ipaoriginaluid: fbar
  objectClass: ipaOverrideAnchor
  objectClass: top
  objectClass: ipaUserOverride
----------------------------
Number of entries returned 1
----------------------------

When tested with SSSD, the override does not work

# getent passwd fbar
fbar:*:108000003:108000003:Foo Bar:/home/fbar:/bin/sh

The ldbsearch shows that the View was properly downloaded:

# record 2
dn: cn=views,cn=sysdb
viewName: test
distinguishedName: cn=views,cn=sysdb

Fields changed

description:
{{{

ipa idview-show test --all --show-hosts

dn: cn=test,cn=views,cn=accounts,dc=mkosek-f21,dc=test
ID View Name: test
Description: test
User object overrides: fbar
Hosts the view applies to: ipa.mkosek-f21.test, client.mkosek-f21.test
objectclass: ipaIDView, top, nsContainer

ipa idoverrideuser-find test --all --raw


1 User ID override matched

dn: ipaanchoruuid=:IPA:mkosek-f21.test:a645b822-63bd-11e4-8f92-001a4a104e33,cn=test,cn=views,cn=accounts,dc=mkosek-f21,dc=test
ipaanchoruuid: :IPA:mkosek-f21.test:a645b822-63bd-11e4-8f92-001a4a104e33
uidnumber: 1000
homedirectory: /foo/bar
ipaoriginaluid: fbar
objectClass: ipaOverrideAnchor
objectClass: top
objectClass: ipaUserOverride


Number of entries returned 1

}}}

When tested with SSSD, the override does not work
{{{

getent passwd fbar

fbar:*:108000003:108000003:Foo Bar:/home/fbar:/bin/sh
}}}

The ldbsearch shows that the View was properly downloaded:
{{{

record 2

dn: cn=views,cn=sysdb
viewName: test
distinguishedName: cn=views,cn=sysdb
}}} => FreeIPA configuration set via CLI:

{{{

ipa idview-show test --all --show-hosts

dn: cn=test,cn=views,cn=accounts,dc=mkosek-f21,dc=test
ID View Name: test
Description: test
User object overrides: fbar
Hosts the view applies to: ipa.mkosek-f21.test, client.mkosek-f21.test
objectclass: ipaIDView, top, nsContainer

ipa idoverrideuser-find test --all --raw


1 User ID override matched

dn: ipaanchoruuid=:IPA:mkosek-f21.test:a645b822-63bd-11e4-8f92-001a4a104e33,cn=test,cn=views,cn=accounts,dc=mkosek-f21,dc=test
ipaanchoruuid: :IPA:mkosek-f21.test:a645b822-63bd-11e4-8f92-001a4a104e33
uidnumber: 1000
homedirectory: /foo/bar
ipaoriginaluid: fbar
objectClass: ipaOverrideAnchor
objectClass: top
objectClass: ipaUserOverride


Number of entries returned 1

}}}

When tested with SSSD, the override does not work
{{{

getent passwd fbar

fbar:*:108000003:108000003:Foo Bar:/home/fbar:/bin/sh
}}}

The ldbsearch shows that the View was properly downloaded:
{{{

record 2

dn: cn=views,cn=sysdb
viewName: test
distinguishedName: cn=views,cn=sysdb
}}}
summary: ID Views implementation does not support IPA user overrides => ID Views implementation does not support IPA user&group overrides

Sumit would look into this.

owner: somebody => sbose

Fields changed

patch: 0 => 1

Fields changed

patch: 1 => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.3

Fields changed

milestone: SSSD 1.12.3 => NEEDS_TRIAGE
patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.3

Fields changed

rhbz: => 0

Metadata Update from @mkosek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.12.3

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3523

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata