The help for command group-remove-member says:
--external=STR Members of a trusted domain in DOM\name or name@domain form
However, the command works only when a SID is provided.
[ipa-server: ~]$ ipa group-remove-member ad_sudo_users --external='Administrator@ad.pb'
[member user]:
[member group]:
  Group name: ad_sudo_users
  Description: AD SUDO Users
  External member: S-1-5-21-3940105347-3434501867-2690409756-1106, S-1-5-21-3940105347-3434501867-2690409756-500
  Member of groups: sudo_users
  Indirect Member of Sudo rule: sudo_users_all
  Failed members:
    member user:
    member group: Administrator@ad.pb: invalid 'Gettext('trusted domain object', domain='ipa', localedir=None)': Gettext('Trusted domain did not return a unique object', domain='ipa', localedir=None)
---------------------------
Number of members removed 0
---------------------------

[ipa-server: ~]$ ipa group-remove-member ad_sudo_users --external='ADPB\administrator'
[member user]:
[member group]:
  Group name: ad_sudo_users
  Description: AD SUDO Users
  External member: S-1-5-21-3940105347-3434501867-2690409756-1106, S-1-5-21-3940105347-3434501867-2690409756-500
  Member of groups: sudo_users
  Indirect Member of Sudo rule: sudo_users_all
  Failed members:
    member user:
    member group: ADPB\administrator: invalid 'Gettext('trusted domain object', domain='ipa', localedir=None)': Gettext('Trusted domain did not return a unique object', domain='ipa', localedir=None)
---------------------------
Number of members removed 0
---------------------------
It works when SID is used:
[ipa-server: ~]$ ipa group-remove-member ad_sudo_users --external='S-1-5-21-3940105347-3434501867-2690409756-500'
[member user]:
[member group]:
  Group name: ad_sudo_users
  Description: AD SUDO Users
  External member: S-1-5-21-3940105347-3434501867-2690409756-1106
  Member of groups: sudo_users
  Indirect Member of Sudo rule: sudo_users_all
---------------------------
Number of members removed 1
---------------------------
The problem also applies to the Web UI (see the attachment).
Attachment: webui.png
Just note that this was reproduced on a development build of FreeIPA (freeipa-server-3.2.99-0.20130715T1442Zgit0fa42af.fc18.x86_64). ab is planning to re-test with current build to make sure we did not regress.
Closing as WORKSFORME since neither Alexander nor Tomas was able to reproduce it with current development version. Please re-open if this is still an issue.
Metadata Update from @pbrezina: - Issue assigned to someone - Issue set to the milestone: 0.0 NEEDS_TRIAGE