https://bugzilla.redhat.com/show_bug.cgi?id=772852
Description of problem: "Unresolved rules in --rules" error message is displayed if the hbacrule is not in the first 100 hbacrules list. Version-Release number of selected component (if applicable): ipa-server-2.1.3-9.el6.x86_64 How reproducible: Always Steps to Reproduce: 1. Create more than 100 hbac rules. 2. Create one hbacrule as: # ipa hbacrule-show shanks-hbac Rule name: shanks-hbac Enabled: TRUE Users: shanks Hosts: ratchet.lab.eng.pnq.redhat.com Source Hosts: ratchet.lab.eng.pnq.redhat.com Services: sshd 3. "ipa hbacrule-find" displays only the first 100 rules it finds. Make sure your rule in Step2 is not displayed in this 100. 4. ipa hbactest --user=shanks --srchost=ratchet.lab.eng.pnq.redhat.com --host=ratchet.lab.eng.pnq.redhat.com --service=sshd --rules=shanks-hbac Actual results: --------------------------- Unresolved rules in --rules --------------------------- error: shanks-hbac Expected results: -------------------- Access granted: True -------------------- matched: shanks-hbac Additional info:
I just noticed shanks has already cloned a ticket to #2230 but forgot to update the BZ. Closing as a duplicate.
Metadata Update from @mkosek: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/01
Login to comment on this ticket.