By default, hbacrule-find fetches 100 hbacrules. However, when you execute hbactest to simulate a user's behaviour against a rule which does not fall in the list of the first 100, the "Unresolved rules in --rules" error message is displayed.
https://bugzilla.redhat.com/show_bug.cgi?id=772852
Description of problem:
"Unresolved rules in --rules" error message is displayed if the hbacrule is not in the first 100 hbacrules list.

Version-Release number of selected component (if applicable):
ipa-server-2.1.3-9.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create more than 100 hbac rules.
2. Create one hbacrule as:
   # ipa hbacrule-show shanks-hbac
     Rule name: shanks-hbac
     Enabled: TRUE
     Users: shanks
     Hosts: ratchet.lab.eng.pnq.redhat.com
     Source Hosts: ratchet.lab.eng.pnq.redhat.com
     Services: sshd
3. "ipa hbacrule-find" displays only the first 100 rules it finds. Make sure your rule in Step 2 is not displayed in this 100.
4. ipa hbactest --user=shanks --srchost=ratchet.lab.eng.pnq.redhat.com --host=ratchet.lab.eng.pnq.redhat.com --service=sshd --rules=shanks-hbac

Actual results:
---------------------------
Unresolved rules in --rules
---------------------------
error: shanks-hbac

Expected results:
--------------------
Access granted: True
--------------------
matched: shanks-hbac
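The failure mode reported above, as an added example that is not part of the ticket and is not FreeIPA's code: a simplified model in which the rule names passed to the test are resolved against a size-limited search result. The Rule class, the function names, the name-sorted result order, the filler rules and the use of sizelimit=0 for "unlimited" are assumptions of the model; source hosts are left out. It shows that "Unresolved" here means the rule was never evaluated, not that access was denied.

```python
from dataclasses import dataclass

DEFAULT_SIZE_LIMIT = 100  # number of rules hbacrule-find returns by default, per the ticket

@dataclass(frozen=True)
class Rule:
    name: str
    user: str
    host: str
    service: str

def find_rules(store, sizelimit=DEFAULT_SIZE_LIMIT):
    """Model of a size-limited search (assumption: name order, 0 = unlimited)."""
    rules = sorted(store, key=lambda r: r.name)
    return rules if sizelimit == 0 else rules[:sizelimit]

def hidden_rules(store, sizelimit=DEFAULT_SIZE_LIMIT):
    """Names of rules that exist but fall outside the search window."""
    visible = {r.name for r in find_rules(store, sizelimit)}
    return sorted(r.name for r in store if r.name not in visible)

def hbactest(store, user, host, service, rules, sizelimit=DEFAULT_SIZE_LIMIT):
    """Resolve requested rule names against the search result, then evaluate."""
    found = {r.name: r for r in find_rules(store, sizelimit)}
    unresolved = [n for n in rules if n not in found]
    if unresolved:
        # The rule was not looked at; this is not an access decision.
        return {"summary": "Unresolved rules in --rules", "error": unresolved}
    matched = [n for n in rules
               if (found[n].user, found[n].host, found[n].service) == (user, host, service)]
    return {"summary": f"Access granted: {bool(matched)}", "matched": matched}

def build_store():
    """Constructed sample data: 120 filler rules plus the rule from the ticket."""
    host = "ratchet.lab.eng.pnq.redhat.com"
    store = [Rule(f"filler-{i:03d}", f"user{i}", host, "sshd") for i in range(120)]
    store.append(Rule("shanks-hbac", "shanks", host, "sshd"))
    return store

if __name__ == "__main__":
    store = build_store()
    args = dict(user="shanks", host="ratchet.lab.eng.pnq.redhat.com",
                service="sshd", rules=["shanks-hbac"])
    print(hbactest(store, **args))               # lookup truncated at 100 rules
    print(hbactest(store, sizelimit=0, **args))  # lookup over every rule
    print(hidden_rules(store))                   # rules the default window cannot see
```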
attachment freeipa-abbra-0039-ticket-2230.patch
Updated patch, added documentation and sent for review.
Closing.
Pushed to ipa-2-2: 7eaf1dc
Pushed to master: 1e04e9f
Metadata Update from @shanks:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/01