Issue #8335: [WebUI] manage IPA resources as a user from a trusted Active Directory domain - freeipa

freeipa

#8335 [WebUI] manage IPA resources as a user from a trusted Active Directory domain

Closed: fixed 3 years ago by rcritten. Opened 3 years ago by stsymbal.

Description of problem:

In Webui showing "IPA Error 3007: RequirmentError" while adding members in "User ID overrides" tab

How reproducible:
100%

Steps to Reproduce:
1. Setup ipa-server
2. Setup AD trust
3. Add Trust Domain, Go to Identity > IPA Server > Trusts > Trusts > Add
4. Create ID override for AD user, Go to Identity > ID View > click "Default Trust View"
5. Click "Add" button on the right-hand side
6. ADD ADuser@addomain in "user to override" field
7. Hit "Add"
8. Add AD user to admin group, Go to Identity > Groups > click "admins"
9. Now Click "User ID overrides" tab (next to "External" tab)
10. Then click "Add" button.

Actual results:
"IPA Error 3007: RequirmentError" Error dialog pops up.

Expected results:
Should pop up ADD dialog.

rcritten commented 3 years ago

master:

676774d kdb: handle enterprise principal lookup in AS_REQ
28389fe Add design page for managing IPA resources as a user from a trusted Active Directory forest
ecc0a96 support using trust-related operations in the server console
973e0c0 idviews: handle unqualified ID override lookups from Web UI
bee4204 Support adding user ID overrides as group and role members
306304b tests: account for ID overrides as members of groups and roles
0ba64b1 Web UI: allow users from trusted Active Directory forest manage IPA
9248d23 ipatests: test that adding Active Directory user to a role makes it an administrator

rcritten commented 3 years ago

ipa-4-8:

6abade3 kdb: handle enterprise principal lookup in AS_REQ
afe9191 support using trust-related operations in the server console
2ffb4fd idviews: handle unqualified ID override lookups from Web UI
8cce2bb Support adding user ID overrides as group and role members
5e8df37 tests: account for ID overrides as members of groups and roles
99e613e Web UI: allow users from trusted Active Directory forest manage IPA
6b0f8f3 ipatests: test that adding Active Directory user to a role makes it an administrator

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata Update from @abbra:
- Custom field changelog adjusted to It is now possible to manage IPA resources as a user from a trusted Active Directory domain.
- Issue assigned to abbra (was: stsymbal)

3 years ago

Metadata Update from @abbra:
- Custom field changelog adjusted to When users from trusted Active Directory domains have permissions to manage IPA resources, they can do so through a Web UI management console. (was: It is now possible to manage IPA resources as a user from a trusted Active Directory domain.)

3 years ago

stsymbal commented 3 years ago

master:

c2ba333 WebUI: Fix "IPA Error 3007: RequirmentError" while adding idoverrideuser association

abbra commented 3 years ago

ipa-4-8:

ffe7f7b WebUI: Fix "IPA Error 3007: RequirmentError" while adding idoverrideuser association

Metadata

Assignee

abbra

Tags

Blocking

None

Depending on

None

Priority

None

Milestone

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

When users from trusted Active Directory domains have permissions to manage IPA resources, they can do so through a Web UI management console.

design

None

freeipa

Source Code

#8335 [WebUI] manage IPA resources as a user from a trusted Active Directory domain Closed: fixed 3 years ago by rcritten. Opened 3 years ago by stsymbal.

Metadata

webui

#8335 [WebUI] manage IPA resources as a user from a trusted Active Directory domain

Closed: fixed 3 years ago by rcritten. Opened 3 years ago by stsymbal.