#1320 Comma separated values for --externaluser option in sudorule-mod are accepted as a single value
Closed: Fixed None Opened 11 years ago by mkosek.

Comma separated values for --externaluser option in sudorule-mod are accepted as a single value.

Steps to Reproduce:
1. # ipa sudorule-add-user rule1 --users=sudorule1,sudorule2
  Rule name: rule1
  Enabled: TRUE
  External User: sudorule1, sudorule2
-------------------------
Number of members added 2
-------------------------

2. # ipa sudorule-find rule1 --all --raw
  dn:
ipauniqueid=7eed5c88-964f-11e0-bc9a-525400deab7b,cn=sudorules,cn=sudo,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  cn: rule1
  ipaenabledflag: TRUE
  externaluser: sudorule2
  externaluser: sudorule1
  ipauniqueid: 7eed5c88-964f-11e0-bc9a-525400deab7b
  objectclass: ipaassociation
  objectclass: ipasudorule
----------------------------
Number of entries returned 1
----------------------------

3. # ipa sudorule-mod rule1 --externaluser=sudorule3,sudorule4
  Rule name: rule1
  Enabled: TRUE
  External User: sudorule3,sudorule4

https://bugzilla.redhat.com/show_bug.cgi?id=713069

This ticket is related to:
https://bugzilla.redhat.com/show_bug.cgi?id=711667 (#1307)


Reassigning to jdennis as he has a very similar ticket (#1307)

Metadata Update from @mkosek:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.1 - 2011/07

5 years ago

master:

  • afcb060 Add design document for using AD users/groups in SUDO rules
  • 172e4b9 baseldap: refactor validator support in add_external_pre_callback
  • 5fae809 baseldap: when adding external objects, differentiate between them and failures
  • 0ffdfc7 idviews: add extended validator for users from trusted domains
  • a37db29 sudorule-add-user: allow to reference users and groups from trusted domains directly
  • 349322e sudorule runAs: allow to add users and groups from trusted domains directly
  • 09e06e0 ipatests: fix test_sudorule_plugin's wrong argument use
  • 642b81e test_trust: add tests for using AD users and groups in SUDO rules
  • c91a1a0 ipatests: when talking to AD DCs, use FQDN credentials
  • 08d7209 baseldap: allow rejecting unknown objects instead of adding to an external attr

ipa-4-9:

  • 16b30cb Add design document for using AD users/groups in SUDO rules
  • 132d7fb baseldap: refactor validator support in add_external_pre_callback
  • ffc2edf baseldap: when adding external objects, differentiate between them and failures
  • a3563d1 idviews: add extended validator for users from trusted domains
  • 054a068 sudorule-add-user: allow to reference users and groups from trusted domains directly
  • 78043bf sudorule runAs: allow to add users and groups from trusted domains directly
  • f4d3c91 ipatests: fix test_sudorule_plugin's wrong argument use
  • a7c56fd test_trust: add tests for using AD users and groups in SUDO rules
  • 64b70be ipatests: when talking to AD DCs, use FQDN credentials
  • 51ca387 baseldap: allow rejecting unknown objects instead of adding to an external attr

Login to comment on this ticket.

Metadata