ipa group-mod is not failing properly if --posix and --external are given.
ipa: ERROR: attribute "gidNumber" not allowed It is good that this is failing, bit the error message is bad.
An error that posix can not be used together with external.
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server freeipa-server-4.9.6-2.fc34.x86_64 freeipa-client-4.9.6-2.fc34.x86_64 package ipa-server is not installed package ipa-client is not installed 389-ds-base-2.0.5-1.fc34.x86_64 pki-ca-10.10.6-1.fc34.noarch krb5-server-1.19.1-3.fc34.x86_64
Having posix and external as mutually exclusive would also solve this: $ ipa group-add testgroup $ ipa group-mod testgroup --posix --external ipa: ERROR: This is already a posix group
This combination does also not make a lot of sense: $ ipa group-add testgroup --nonposix --external
Metadata Update from @rcritten: - Issue assigned to rcritten
I agree that $ ipa group-add testgroup --nonposix --external doesn't make sense since --nonposix is implied but it doesn't hurt anything. Returning an error wouldn't be helpful to the user because the end result is still a nonposix group (the option is basically ignored). I feel like it would be a gotcha.
$ ipa group-add testgroup --nonposix --external
PR https://github.com/freeipa/freeipa/pull/6855
master:
ipa-4-9:
ipa-4-10:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.