https://bugzilla.redhat.com/show_bug.cgi?id=735185
Description of problem: For a HBAC Rule, add a host and hostgroup in 'From' section to include - Source host category the rule applies to. But this host and hostgroup are not listed as being members of the HBAC rule Similarly, for a Sudo Rule, add a user and usergroup in 'As whom' section to include - RunAs User category the rule applies to. But this user and usergroup are not listed as being members of the Sudo rule Version-Release number of selected component (if applicable): ipa-server-2.1.0-105.20110901T0304zgit887f02a.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Add a HBAC Rule 2. Edit this rule, go to From Section 3. Add a host, and a hostgroup 4. Click on this host to go to Host page, click on HBAC Rules 4. Click on this hostgroup to go to Host Group page, click on HBAC Rules Also: 1. Add a Sudo Rule 2. Edit this rule, go to As Whom Section 3. Add a user, and a usergroup 4. Click on this user to go to User page, click on Sudo Rules 4. Click on this usergroup to go to User Group page, click on Sudo Rules Actual results: Host is not member of the HBAC Rule HostGroup is not member of the HBAC Rule User is not member of the Sudo Rule UserGroup is not member of the Sudo Rule Expected results: Host should be member of the HBAC Rule HostGroup should be member of the HBAC Rule User should be member of the Sudo Rule UserGroup should be member of the Sudo Rule Additional info: ldapsearch on HBAC Rule: >ldapsearch -D "cn=Directory Manager" -w Secret123 -b "ipauniqueid=8cae0058-d4bf-11e0-9d46-00215e2032c0,cn=hbac,dc=testrelm" dn: ipaUniqueID=8cae0058-d4bf-11e0-9d46-00215e2032c0,cn=hbac,dc=testrelm objectClass: ipaassociation objectClass: ipahbacrule accessRuleType: allow ipaEnabledFlag: TRUE cn: test ipaUniqueID: 8cae0058-d4bf-11e0-9d46-00215e2032c0 memberUser: uid=hbacusr,cn=users,cn=accounts,dc=testrelm memberUser: cn=hbacgrp,cn=groups,cn=accounts,dc=testrelm memberHost: fqdn=hbachost.testrelm,cn=computers,cn=accounts,dc=testrelm memberHost: cn=hbachostgroup,cn=hostgroups,cn=accounts,dc=testrelm sourceHost: fqdn=fromhost.testrelm,cn=computers,cn=accounts,dc=testrelm sourceHost: cn=from_hostgroup,cn=hostgroups,cn=accounts,dc=testrelm ldapsearch on a sourceHost: >ldapsearch -D "cn=Directory Manager" -w Secret123 -b "cn=from_hostgroup,cn=hostgroups,cn=accounts,dc=testrelm" dn: cn=from_hostgroup,cn=hostgroups,cn=accounts,dc=testrelm objectClass: ipaobject objectClass: ipahostgroup objectClass: nestedGroup objectClass: groupOfNames objectClass: top objectClass: mepOriginEntry cn: from_hostgroup description: dasda ipaUniqueID: d93af63a-d4bd-11e0-9d46-00215e2032c0 memberOf: cn=from_hostgroup,cn=ng,cn=alt,dc=testrelm mepManagedEntry: cn=from_hostgroup,cn=ng,cn=alt,dc=testrelm
Going to ask for a use case for this. We don't need to display data just for the sake of displaying data.
I did find another bug that I'll fix. We don't define labels for these so the CLI doesn't show the membership.
Please see BZ for more info. I do not think this is an issue that we need to waste our time now.
master: f7753bf[[BR]] ipa-2-2: a351fbb
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/01
Login to comment on this ticket.