#8990 ipa group-mod should fail properly with --posix and --external options
Closed: fixed a year ago by rcritten. Opened 3 years ago by twoerner.

Issue

ipa group-mod is not failing properly if --posix and --external are given.

Steps to Reproduce

  1. ipa group-add testgroup --nonposix
  2. ipa group-mod testgroup --posix --external

Actual behavior

ipa: ERROR: attribute "gidNumber" not allowed
It is good that this is failing, bit the error message is bad.

Expected behavior

An error that posix can not be used together with external.

Version/Release/Distribution

$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
freeipa-server-4.9.6-2.fc34.x86_64
freeipa-client-4.9.6-2.fc34.x86_64
package ipa-server is not installed
package ipa-client is not installed
389-ds-base-2.0.5-1.fc34.x86_64
pki-ca-10.10.6-1.fc34.noarch
krb5-server-1.19.1-3.fc34.x86_64

Additional info:

Having posix and external as mutually exclusive would also solve this:
$ ipa group-add testgroup
$ ipa group-mod testgroup --posix --external
ipa: ERROR: This is already a posix group


This combination does also not make a lot of sense:
$ ipa group-add testgroup --nonposix --external

Metadata Update from @rcritten:
- Issue assigned to rcritten

a year ago

I agree that $ ipa group-add testgroup --nonposix --external doesn't make sense since --nonposix is implied but it doesn't hurt anything. Returning an error wouldn't be helpful to the user because the end result is still a nonposix group (the option is basically ignored). I feel like it would be a gotcha.

master:

  • a213253 Don't allow a group to be converted to POSIX and external

ipa-4-9:

  • fa321b2 Don't allow a group to be converted to POSIX and external

ipa-4-10:

  • 58017ab Don't allow a group to be converted to POSIX and external

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

a year ago

Log in to comment on this ticket.

Metadata