#8081 Flag external should skip unnecessary data query when executing "ipa group-add-member"
Closed: worksforme 4 years ago by rcritten. Opened 4 years ago by slamy.

Request for enhancement

As an IPA server administrator, I want to automate my IPA server installation with Ansible so that I can reproduce the install if needed.

Issue

As I have set up a one-way AD trust which is working well, I want to write an Ansible role to create external groups mapped to POSIX groups.

I have followed the official doc and it works with no problem. But the third step:

# ipa group-add-member ad_admins_external --external 'ad_netbios\Domain Admins'

always prompts me for a user or a group... so Ansible stops here.

When I am using the CLI I just hit Enter two times, the member is added as expected with no notice about unfilled user or group.

Steps to Reproduce

  1. Install IPA server with AD trust
  2. Follow the 4 steps to map AD groups to POSIX (https://www.freeipa.org/page/Active_Directory_trust_setup#Allow_access_for_users_from_AD_domain_to_protected_resources)
  3. Write a script with these 4 steps
  4. See how the third step waits for keyboard input

Actual behavior

It is impossible to execute the 4 steps "Allow_access_for_users_from_AD_domain_to_protected_resources" in a script without being prompted at the third one.

Expected behavior

The third step should be able to run quietly if the external flag is filled, as this is something in the official doc and it works.

Version/Release/Distribution

FreeIPA on CentOS 7

ipa-server-4.6.5-11.el7.centos.x86_64
ipa-client-4.6.5-11.el7.centos.x86_64
389-ds-base-1.3.9.1-10.el7.x86_64
pki-ca-10.5.16-3.el7.noarch
krb5-server-1.15.1-37.el7_7.2.x86_64

Thank you for your very good work so far!


Use -n/--no-prompt with the ipa command to avoid prompting:

ipa -n group-add-member ad_admins_external --external 'ad_netbios\Domain Admins'

Metadata Update from @rcritten:
- Issue close_status updated to: worksforme
- Issue status updated to: Closed (was: Open)

4 years ago
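
The scripted form of the procedure discussed in this ticket, as an added example that is not part of the ticket or of the FreeIPA project: all four mapping steps go through `ipa -n`, and the function stops at the first step that fails. The function names, the group descriptions and the commands for steps 1, 2 and 4 do not appear in the ticket and are assumptions here; only step 3 and the `-n` option come from the thread.

```shell
#!/bin/sh
# Added example: the four AD-group mapping steps run without prompts.
# Function names and descriptions are illustrative assumptions.

# Every call uses "ipa -n" (a global option, placed before the subcommand)
# and reads stdin from /dev/null so nothing can wait on a terminal.
run_ipa() {
    ipa -n "$@" </dev/null
}

# map_ad_group EXTERNAL_GROUP POSIX_GROUP 'NETBIOS\AD Group'
# Returns the number of the step that failed, or 0 on success.
map_ad_group() {
    ext_group=$1
    posix_group=$2
    ad_member=$3    # pass single-quoted so the shell keeps the backslash

    # 1. external (non-POSIX) group that holds the AD group reference
    run_ipa group-add "$ext_group" --external \
        --desc="external map for AD group" || return 1
    # 2. POSIX group that access rules will refer to
    run_ipa group-add "$posix_group" \
        --desc="POSIX group for AD members" || return 2
    # 3. the step from the ticket: add the AD group as an external member
    run_ipa group-add-member "$ext_group" --external "$ad_member" || return 3
    # 4. nest the external group inside the POSIX group
    run_ipa group-add-member "$posix_group" --groups "$ext_group" || return 4
}

# Usage (requires a valid admin Kerberos ticket, e.g. after kinit):
#   map_ad_group ad_admins_external ad_admins 'ad_netbios\Domain Admins'
```

From Ansible, passing the same arguments as a list (`argv`) to the command module avoids a second layer of shell quoting around the backslash in the AD group name.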
