#4435 Trusted AD users are not resolvable in netgroups
Closed: wontfix 5 years ago Opened 9 years ago by dpal.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1118670

Description of problem:
AD users in a posix group added to a netgroup are not resolvable in that
netgroup

Version-Release number of selected component (if applicable):
ipa-server-3.3.3-28.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Add Trust with an AD server

2. Create an external group and add AD users to that group
# ipa group-add adusers_ext --external
# ipa group-add-member adusers_ext --external=aduser1@adtest.qe,aduser1@pune.adtest.qe

3. Create a POSIX group and add the external group as a member
# ipa group-add adusers_grp --desc "internal grp"
# ipa group-add-member adusers_grp --groups=adusers_ext

4. Create a netgroup and add the posix group as member
# ipa netgroup-add ng001 --desc="testing ng"
# ipa netgroup-add-member --group=adusers_grp ng001

5. Add an IPA user as a member of the netgroup
# ipa netgroup-add-member --user=ipahttpuser1 ng001

6. Do getent for that netgroup
# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service
# getent netgroup ng001
ng001                 (-,ipahttpuser1,steeve06171722.test)

Actual results:
AD users are not resolved when getent netgroup is run. The IPA user is resolved.
[root@hp-ms-01-c40 ~]# getent netgroup ng001
ng001                 (-,ipahttpuser1,steeve06171722.test)

Expected results:
AD users should also be resolved

Additional info:
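
Added example, not part of the original report or of FreeIPA: a POSIX shell check that parses the (host,user,domain) triples printed by getent netgroup and lists the expected members that are absent, which is the symptom shown in step 6. The function names are hypothetical, and the form in which an AD user would appear in a triple (the names passed to --external in step 2) is an assumption.

```shell
#!/bin/sh
# Added example: report expected users that are absent from a netgroup.

# netgroup_users: read `getent netgroup NAME` output on stdin and print the
# user field of every (host,user,domain) triple, one per line.
# Empty users and "-" (no valid value) are skipped.
netgroup_users() {
    awk '{
        line = $0
        while (match(line, /\([^()]*\)/)) {
            triple = substr(line, RSTART + 1, RLENGTH - 2)
            line = substr(line, RSTART + RLENGTH)
            n = split(triple, f, ",")
            user = f[2]
            gsub(/[ \t]/, "", user)
            if (n == 3 && user != "" && user != "-") print user
        }
    }'
}

# missing_from_netgroup OUTPUT USER...: print each expected USER that has no
# triple in OUTPUT (text captured from `getent netgroup NAME`).
missing_from_netgroup() {
    output=$1
    shift
    present=$(printf '%s\n' "$output" | netgroup_users)
    for want in "$@"; do
        # -F fixed string, -x whole line: "aduser1" must not match "aduser10"
        if ! printf '%s\n' "$present" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
        fi
    done
}

# Sample input: the getent output quoted in the report above.
SAMPLE='ng001                 (-,ipahttpuser1,steeve06171722.test)'

# Expected members: the IPA user from step 5 plus the AD users from step 2
# (their fully qualified form in a triple is an assumption).
missing_from_netgroup "$SAMPLE" \
    ipahttpuser1 aduser1@adtest.qe aduser1@pune.adtest.qe
```

On a live client, pass "$(getent netgroup ng001)" as the first argument after clearing the SSSD cache as in step 6.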

This will require a change in slapi-nis. Alexander plans to look at it when working on Views (or delegate to somebody else).

There was no time for this ticket in 4.1 - moving to later release.

Same as #4403. This would require some serious work in slapi-nis. It may be a potential target after Global Catalog work (#3125).

Metadata Update from @dpal:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

Thank you for taking the time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago
