#8807 [RFE] IPA to allow setting a new range type.
Closed: fixed 2 years ago by rcritten. Opened 2 years ago by frenaud.

Ticket was cloned from Red Hat Bugzilla: Bug 1688267

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

While using POSIX id mapping with IPA/AD trust auto_private_groups  not working
as expected

===
# ipa trust-add --type=ad lab.domain.com --admin administrator
--password  --range-type=ipa-ad-trust-posix
Active Directory domain administrator's password:

# id kushal@lab.domain.com
uid=10000(kushal@lab.domain.com) gid=10000 groups=10000,10020(domain
users@lab.domain.com)
===

If I do not use POSIX attribute.

# ipa trust-add --type=ad lab.domain.com --admin administrator
--password  --range-type=ipa-ad-trust

# id kushal@lab.domain.com
uid=672401109(kushal@lab.domain.com)
gid=672401109(kushal@lab.domain.com) groups=672401109(kushal@lab.
domain.com),815100004(ad_admins),672400513(domain users@lab.domain.com)

I have opened this bugzilla based on the suggestion from Jakub

https://bugzilla.redhat.com/show_bug.cgi?id=1649464#c3

Reference BZ:- https://bugzilla.redhat.com/show_bug.cgi?id=1649464

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1688267

2 years ago

Metadata Update from @frenaud:
- Issue assigned to frenaud

2 years ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/5712

2 years ago

master:

  • a0509eb Design doc for idrange option "auto-private-groups"
  • 3844f5b LDAP schema: new attribute ipaautoprivategroups
  • ba7ab24 Trust: add auto private groups option
  • f45a79a xmlrpc tests: add test for idrange auto-private-groups option

ipa-4-9:

  • 9d34142 Design doc for idrange option "auto-private-groups"
  • 42b8fa6 LDAP schema: new attribute ipaautoprivategroups
  • cada918 Trust: add auto private groups option
  • 7ddc191 xmlrpc tests: add test for idrange auto-private-groups option

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Metadata Update from @abbra:
- Custom field changelog adjusted to A new option was added to define how private groups represented in ID ranges of trusted Active Directory domains. More details can be found in the design document: https://freeipa.readthedocs.io/en/latest/designs/adtrust/auto-private-groups.html
- Custom field design adjusted to https://freeipa.readthedocs.io/en/latest/designs/adtrust/auto-private-groups.html

2 years ago

master:

  • 663cd9a ipatests: Tests for Autoprivate group.
  • 9d1f227 mark xfail for test_idoverride_with_auto_private_group[hybrid]
  • 3403af5 Mark xfail test_gidnumber_not_corresponding_existing_group[true,hybrid]

ipa-4-9:

  • 6b70e3c ipatests: Tests for Autoprivate group.
  • 8438100 mark xfail for test_idoverride_with_auto_private_group[hybrid]
  • 7ad500e Mark xfail test_gidnumber_not_corresponding_existing_group[true,hybrid]

Login to comment on this ticket.

Metadata