#5625 TestSudo.test_sudo_rule_restricted_to_one_hostmask
Closed: Fixed None Opened 3 years ago by lslebodn.

There is a new version of sssd (1.13.3-3) in fedora which support the native IPA schema RHBZ1256849. It will be in updates-testing on fedora 22+ in few days.

However, the new native IPA schema does not support hostmask and therefore the freeipa sudo upstream test will fail.

=================================== FAILURES ===================================
______________ TestSudo.test_sudo_rule_restricted_to_one_hostmask ______________

self = <ipatests.test_integration.test_sudo.TestSudo object at 0x7ffa5fe97dd0>

    def test_sudo_rule_restricted_to_one_hostmask(self):
        if self.__class__.skip_hostmask_based:
            raise pytest.skip("Hostmask could not be detected")

        result1 = self.list_sudo_commands("testuser1")
>       assert "(ALL : ALL) NOPASSWD: ALL" in result1.stdout_text
E       assert '(ALL : ALL) NOPASSWD: ALL' in ''
E        +  where '' = <pytest_multihost.transport.SSHCommand object at 0x7ffa5febb450>.stdout_text

test_integration/test_sudo.py:295: AssertionError
==================== 1 failed, 74 passed in 1331.73 seconds ====================

It works only old sudo schema. And you need to change in sssd conf to set sudo search base to old schema.
The default for ldap_sudo_search_base is cn=sudo,$base_dn
old schema is in ou=sudoers,$base_dn
e.g.

ldap_sudo_search_base = ou=sudoers,dc=ipa,dc=example,dc=com
}}

Replying to [comment:1 akasurde]:

Seems to be similar to https://fedorahosted.org/freeipa/ticket/5501
No, it isn't. I would recommend to properly read description of ticket.

ipa-4-2:

  • 6147563 CI tests: use old schema when testing hostmask-based sudo rules

ipa-4-3:

  • 89f033a CI tests: use old schema when testing hostmask-based sudo rules

master:

  • 94a836d CI tests: use old schema when testing hostmask-based sudo rules

Metadata Update from @lslebodn:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.2.4

2 years ago

Login to comment on this ticket.

Metadata