#5029 idoverride group-del can delete user ov. and user-del can delete group ov.
Closed: Fixed None Opened 8 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1222778

Description of problem:
idoverride group-del can delete user override and user-del can delete group override

Version-Release number of selected component (if applicable):
ipa-server-4.1.0-18.el7_1.3.x86_64

How reproducible:
always

Steps to Reproduce:

[root@sideswipe ~]# ipa idoverridegroup-del 'default trust view' aduser1@pune.adtest.qe
--------------------------------------------------
Deleted Group ID override "aduser1@pune.adtest.qe"
--------------------------------------------------

[root@sideswipe ~]# ipa idoverrideuser-find 'default trust view'
--------------------------
1 User ID override matched
--------------------------
  Anchor to override: aduser07@adtest.qe
  User login: syncuser07
----------------------------
Number of entries returned 1
----------------------------

[root@sideswipe ~]# ipa idoverridegroup-del 'default trust view' aduser07@adtest.qe
----------------------------------------------
Deleted Group ID override "aduser07@adtest.qe"
----------------------------------------------

[root@sideswipe ~]# ipa idoverrideuser-find 'default trust view'
---------------------------
0 User ID overrides matched
---------------------------
----------------------------
Number of entries returned 0
----------------------------

[root@sideswipe ~]# ipa idoverridegroup-find 'default trust view'
----------------------------
2 Group ID overrides matched
----------------------------
  Anchor to override: adgroup1@adtest.qe
  GID: 12121212

  Anchor to override: adgroup1@pune.adtest.qe
  GID: 5555557
----------------------------
Number of entries returned 2
----------------------------

[root@sideswipe ~]# ipa idoverrideuser-del 'default trust view' adgroup1@adtest.qe
---------------------------------------------
Deleted User ID override "adgroup1@adtest.qe"
---------------------------------------------

[root@sideswipe ~]# ipa idoverridegroup-find 'default trust view'
---------------------------
1 Group ID override matched
---------------------------
  Anchor to override: adgroup1@pune.adtest.qe
  GID: 5555557
----------------------------
Number of entries returned 1
----------------------------

master:

  • 970a553 dcerpc: Add get_trusted_domain_object_type method
  • e0d3231 idviews: Restrict anchor to name and name to anchor conversions
  • aa066f3 idviews: Enforce objectclass check in idoverride*-del

ipa-4-2:

  • fe74c83 dcerpc: Add get_trusted_domain_object_type method
  • 68e00cf idviews: Restrict anchor to name and name to anchor conversions
  • a60f4ad idviews: Enforce objectclass check in idoverride*-del

Metadata Update from @pvoborni:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 4.1.5

7 years ago
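
The following is an added example, not FreeIPA code and not part of the ticket. It models the behaviour reported above next to the kind of object class check named in the fix commit "idviews: Enforce objectclass check in idoverride*-del". The in-memory view, the function names, and the object class names `ipaOverrideAnchor`, `ipaUserOverride` and `ipaGroupOverride` are assumptions; the anchors are constructed sample data named after the entries in the ticket.

```python
"""Simplified in-memory model of an ID view; not FreeIPA code."""

USER_OC = "ipaUserOverride"    # assumed object class for user overrides
GROUP_OC = "ipaGroupOverride"  # assumed object class for group overrides


def make_view():
    """Constructed sample entries, named after the ones in the ticket."""
    return {
        "aduser07@adtest.qe": {"objectclass": ["ipaOverrideAnchor", USER_OC]},
        "adgroup1@adtest.qe": {"objectclass": ["ipaOverrideAnchor", GROUP_OC]},
        "adgroup1@pune.adtest.qe": {"objectclass": ["ipaOverrideAnchor", GROUP_OC]},
    }


def has_objectclass(entry, wanted):
    # LDAP objectClass values compare case-insensitively.
    return wanted.lower() in (oc.lower() for oc in entry["objectclass"])


def find_overrides(view, wanted_oc):
    return sorted(a for a, e in view.items() if has_objectclass(e, wanted_oc))


def del_unchecked(view, anchor):
    """Behaviour shown in the ticket: the anchor alone selects the entry."""
    if anchor not in view:
        raise LookupError(f"{anchor}: override not found")
    del view[anchor]


def del_checked(view, anchor, wanted_oc):
    """Delete only if the entry carries the object class the command is for."""
    entry = view.get(anchor)
    if entry is None or not has_objectclass(entry, wanted_oc):
        # Same error for "missing" and "wrong type".
        raise LookupError(f"{anchor}: override not found")
    del view[anchor]


if __name__ == "__main__":
    view = make_view()
    del_unchecked(view, "aduser07@adtest.qe")  # issued as a group delete
    print("unchecked:", find_overrides(view, USER_OC))
    view = make_view()
    try:
        del_checked(view, "aduser07@adtest.qe", GROUP_OC)
    except LookupError as exc:
        print("checked:", exc, find_overrides(view, USER_OC))
```
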
