https://bugzilla.redhat.com/show_bug.cgi?id=783548 (Red Hat Enterprise Linux 6)
Description of problem: ipa delegation-mod works if --membergroup entry does not exist. It should fail in this scenario like it does when --group entry does not exist. # ipa group-find dnegroup ---------------- 0 groups matched ---------------- ---------------------------- Number of entries returned 0 ---------------------------- # ipa delegation-mod testdelegation --membergroup=dnegroup ------------------------------------ Modified delegation "testdelegation" ------------------------------------ Delegation name: testdelegation Permissions: write Attributes: mobile Member user group: dnegroup User group: ipausers Version-Release number of selected component (if applicable): ipa-server-2.2.0-101.20120118T0229zgitbb854ce.el6.x86_64 ipa-admintools-2.2.0-101.20120118T0229zgitbb854ce.el6.x86_64 389-ds-base-libs-1.2.9.14-1.el6.x86_64 389-ds-base-1.2.9.14-1.el6.x86_64 How reproducible: always Steps to Reproduce: 1. <setup ipa server> 2. kinit admin 3. ipa delegation-add testdelegation --membergroup=admins --group=ipausers --attrs=mobile 4. ipa delegation-mod testdelegation --membergroup=dnegroup Actual results: Modifies entry with invalid membergroup. Expected results: returns an error similar to --group when it is passed an invalid group name. Additional info: /var/log/httpd/error_log message: [Fri Jan 20 14:28:34 2012] [error] ipa: INFO: admin@TESTRELM: delegation_mod(u'testdelegation', memberof=u'dnegroup', all=False, raw=False, version=u'2.21'): SUCCESS
Fixed with #2286
Metadata Update from @dpal: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02
Login to comment on this ticket.