Issue #3815: unable to remove external group member - freeipa

freeipa

#3815 unable to remove external group member

Closed: Invalid None Opened 10 years ago by pbrezina.

The help for command group-remove-member says:

--external=STR Members of a trusted domain in DOM\name or name@domain form

However, the command works only when a SID is provided.

[ipa-server: ~]$ ipa group-remove-member ad_sudo_users --external='Administrator@ad.pb'
[member user]: 
[member group]: 
  Group name: ad_sudo_users
  Description: AD SUDO Users
  External member: S-1-5-21-3940105347-3434501867-2690409756-1106, S-1-5-21-3940105347-3434501867-2690409756-500
  Member of groups: sudo_users
  Indirect Member of Sudo rule: sudo_users_all
  Failed members: 
    member user: 
    member group: Administrator@ad.pb: invalid 'Gettext('trusted domain object', domain='ipa', localedir=None)': Gettext('Trusted domain did not return a unique object', domain='ipa', localedir=None)
---------------------------
Number of members removed 0
---------------------------

[ipa-server: ~]$ ipa group-remove-member ad_sudo_users --external='ADPB\administrator'
[member user]: 
[member group]: 
  Group name: ad_sudo_users
  Description: AD SUDO Users
  External member: S-1-5-21-3940105347-3434501867-2690409756-1106, S-1-5-21-3940105347-3434501867-2690409756-500
  Member of groups: sudo_users
  Indirect Member of Sudo rule: sudo_users_all
  Failed members: 
    member user: 
    member group: ADPB\administrator: invalid 'Gettext('trusted domain object', domain='ipa', localedir=None)': Gettext('Trusted domain did not return a unique object', domain='ipa', localedir=None)
---------------------------
Number of members removed 0
---------------------------

It works when SID is used:

[ipa-server: ~]$ ipa group-remove-member ad_sudo_users --external='S-1-5-21-3940105347-3434501867-2690409756-500'
[member user]: 
[member group]: 
  Group name: ad_sudo_users
  Description: AD SUDO Users
  External member: S-1-5-21-3940105347-3434501867-2690409756-1106
  Member of groups: sudo_users
  Indirect Member of Sudo rule: sudo_users_all
---------------------------
Number of members removed 1
---------------------------

The problem also applies to web ui (see the attachment).

pbrezina commented 10 years ago

attachment

mkosek commented 10 years ago

Just note that this was reproduced on a development build of FreeIPA (freeipa-server-3.2.99-0.20130715T1442Zgit0fa42af.fc18.x86_64). ab is planning to re-test with current build to make sure we did not regress.

mkosek commented 10 years ago

Closing as WORKSFORME since neither Alexander nor Tomas was able to reproduce it with current development version. Please re-open if this is still an issue.

Metadata Update from @pbrezina:
- Issue assigned to someone
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

7 years ago

Metadata

Assignee

someone

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

0.0 NEEDS_TRIAGE

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

Attachments 1

webui.png

Attached 10 years ago View Comment

freeipa

Source Code

#3815 unable to remove external group member Closed: Invalid None Opened 10 years ago by pbrezina.

Metadata

Attachments 1

#3815 unable to remove external group member

Closed: Invalid None Opened 10 years ago by pbrezina.