https://bugzilla.redhat.com/show_bug.cgi?id=784329 (Red Hat Enterprise Linux 6)
Description of problem:
ipa permission-add works if --memberof group entry does not exist. It should fail in this scenario like it does when group entry does not exist.

1> There is no group - xyz

# ipa group-find xyz
----------------
0 groups matched
----------------
----------------------------
Number of entries returned 0
----------------------------

2> Add a permission, and specify memberof to be the above mentioned group:

# ipa permission-add ManageHost --permissions="write" --subtree=cn=computers,cn=accounts,dc=testrelm,dc=com --memberof=xyz
-----------------------------
Added permission "ManageHost"
-----------------------------
Permission name: ManageHost
Permissions: write
Member of group: xyz
Subtree: ldap:///cn=computers,cn=accounts,dc=testrelm,dc=com

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-101.20120117T0229zgit5febffb.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. As mentioned above

Actual results:
permission is added

Expected results:
the group should not be allowed to be specified, since it does not exist yet.

Additional info:
There is bug 783307 for delegation displaying same behaviour
master: 616d543
ipa-2-2: 93a1a38
Metadata Update from @dpal:
- Issue assigned to ohamada
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02