freeipa

Clone
Source Code
GIT

#1320 Comma separated values for --externaluser option in sudorule-mod are accepted as a single value
Closed: Fixed None Opened 12 years ago by mkosek.

Closed: Fixed
Reopen Issue

Comma separated values for --externaluser option in sudorule-mod are accepted as a single value.

Steps to Reproduce:
1. # ipa sudorule-add-user rule1 --users=sudorule1,sudorule2
  Rule name: rule1
  Enabled: TRUE
  External User: sudorule1, sudorule2
-------------------------
Number of members added 2
-------------------------

2. # ipa sudorule-find rule1 --all --raw
  dn:
ipauniqueid=7eed5c88-964f-11e0-bc9a-525400deab7b,cn=sudorules,cn=sudo,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  cn: rule1
  ipaenabledflag: TRUE
  externaluser: sudorule2
  externaluser: sudorule1
  ipauniqueid: 7eed5c88-964f-11e0-bc9a-525400deab7b
  objectclass: ipaassociation
  objectclass: ipasudorule
----------------------------
Number of entries returned 1
----------------------------

3. # ipa sudorule-mod rule1 --externaluser=sudorule3,sudorule4
  Rule name: rule1
  Enabled: TRUE
  External User: sudorule3,sudorule4

https://bugzilla.redhat.com/show_bug.cgi?id=713069

This ticket is related to:
https://bugzilla.redhat.com/show_bug.cgi?id=711667 (#1307)

Reassigning to jdennis as he has a very similar ticket (#1307)

master: d8c4797

Metadata Update from @mkosek:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.1 - 2011/07
7 years ago

master:

  • afcb060 Add design document for using AD users/groups in SUDO rules
  • 172e4b9 baseldap: refactor validator support in add_external_pre_callback
  • 5fae809 baseldap: when adding external objects, differentiate between them and failures
  • 0ffdfc7 idviews: add extended validator for users from trusted domains
  • a37db29 sudorule-add-user: allow to reference users and groups from trusted domains directly
  • 349322e sudorule runAs: allow to add users and groups from trusted domains directly
  • 09e06e0 ipatests: fix test_sudorule_plugin's wrong argument use
  • 642b81e test_trust: add tests for using AD users and groups in SUDO rules
  • c91a1a0 ipatests: when talking to AD DCs, use FQDN credentials
  • 08d7209 baseldap: allow rejecting unknown objects instead of adding to an external attr

ipa-4-9:

  • 16b30cb Add design document for using AD users/groups in SUDO rules
  • 132d7fb baseldap: refactor validator support in add_external_pre_callback
  • ffc2edf baseldap: when adding external objects, differentiate between them and failures
  • a3563d1 idviews: add extended validator for users from trusted domains
  • 054a068 sudorule-add-user: allow to reference users and groups from trusted domains directly
  • 78043bf sudorule runAs: allow to add users and groups from trusted domains directly
  • f4d3c91 ipatests: fix test_sudorule_plugin's wrong argument use
  • a7c56fd test_trust: add tests for using AD users and groups in SUDO rules
  • 64b70be ipatests: when talking to AD DCs, use FQDN credentials
  • 51ca387 baseldap: allow rejecting unknown objects instead of adding to an external attr

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
Command plugins
None
1
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=713069
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.