https://bugzilla.redhat.com/show_bug.cgi?id=720336
I have created an user in a testinstance:
[root@ipa01 ~]# id falko uid=1612200003(falko) gid=1612200003(falko) groups=1612200003(falko),1612200001(ipausers),1612200004(ttt.admin),1612200000(admins)
The user is in the group 'admin', because the group 'ttt.admin' is listed in the member groups of 'admin'. While this works fine with ldap/sssd, the WebUI seems to not check the nested groups.
If I directly add my testuser to the group 'admin' the WebUI correctly displays the Admin options.
- Install freeipa-server - Create a group 'xxx' - Add 'xxx' group to 'admin' group - Create user 'asdf' - Add 'asdf' user to the 'xxx' group - id 'asdf' will show both groups - WebUI will only display the user webinterface
The bug clarifies that this isn't about viewing the groups of an individual user but in the rights the user gets as a result of group membership.
fixed in 0475340
Metadata Update from @rcritten: - Issue assigned to admiyo - Issue set to the milestone: FreeIPA 2.1 - 2011/07
Login to comment on this ticket.