https://bugzilla.redhat.com/show_bug.cgi?id=736455
Description of problem: For a Sudo Rule, after a hostgroup or usergroup is added to its list, it still list members of the group when adding hosts or users Version-Release number of selected component (if applicable): ipa-server-2.1.1-1.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Add a host, hostgroup. Add the host as a member to this hostgroup 2. Add a Sudo rule, Edit it 3. Add the hostgroup to its list in Accessing section 4. Add a host in Accessing section Actual results: host which is member of the hostgroup is listed Expected results: host which is member of the hostgroup should not be listed, since the hostgroup is already added to the list Additional info: Same scenario - when adding users that already belong to a usergroup which is already added to Sudo Rule in Who section. the user is listed, but should not be. This host adder dialog in HBAC works as expected. The cli output is as expected as well: -- ADD HOSTGROUP TO SUDO RULE -- ipa sudorule-add-host --hostgroups=testhostgroup qesudorule Rule name: qesudorule Enabled: TRUE Host Groups: testhostgroup ------------------------- Number of members added 1 ------------------------- -- RUN HOST-FIND -- ipa host-find --not-in-sudorule=qesudorule --------------- 1 host matched --------------- Host name: qe-blade-05.testrelm Principal name: host/qe-blade-05.testrelm@TESTRELM Keytab: True Password: False Managed by: qe-blade-05.testrelm ---------------------------- Number of entries returned 1 ---------------------------- ipa host-find --in-sudorule=qesudorule -------------- 1 host matched -------------- Host name: qehost.testrelm Principal name: host/qehost.testrelm@TESTRELM Keytab: False Password: False Member of host-groups: testhostgroup Indirect Member of netgroup: testhostgroup Managed by: qehost.testrelm ---------------------------- Number of entries returned 1 ----------------------------
Fixed in: - master: a95b44f - ipa-2-1: 68a468f
Metadata Update from @dpal: - Issue assigned to edewata - Issue set to the milestone: FreeIPA 2.1.2 (bug fixing)
Login to comment on this ticket.