[Freeipa-devel] [PATCH] 0002 Add missing error message when adding duplicate external member to group

Rob Crittenden rcritten at redhat.com
Thu Mar 14 14:47:07 UTC 2013 

Ana Krivokapic wrote:
> On 02/19/2013 09:46 PM, Rob Crittenden wrote:
>> Ana Krivokapic wrote:
>>> When adding a duplicate member to a group, an error message is issued,
>>> informing the user that the entry is already a member of the group. This
>>> message was missing in case of an external member.
>>>
>>> Ticket: https://fedorahosted.org/freeipa/ticket/3254
>>
>> This works ok but the sister command, group-remove-member, has the
>> same problem. Can you add a fix there as well?
>>
>> I don't know if there is a way to add a unit test for this since the
>> external member is validated meaning we'd need to set up trusts as
>> well. It might be nice to have an optional test that can be run when a
>> trust is configured to avoid regressions.
>>
>> rob
>>
> I fixed the group-remove-member command and added unit tests which can
> be run when the trust is established (they will be skipped when the
> trust is not established).
>
> I also noticed that, in contrast to group-add-member,
> group-remove-member did not allow the format 'AD\name' or
> 'name at ad.domain.com' for the --external option. I included this fix in
> the patch, so the two user friendly formats are now supported.
>
> Updated patch is attached.
>

Remove member is still not working for me:

$ ipa group-remove-member ad_admins_external --external 'AD\Domain Admins'
[member user]:
[member group]:
   Group name: ad_admins_external
   Description: ad.greyoak.com admins external map
   External member: S-1-5-21-2065961537-1042332738-1594543940-512

$ ipa group-remove-member ad_admins_external --external 
'S-1-5-21-2065961537-1042332738-1594543940-512'
[member user]:
[member group]:
   Group name: ad_admins_external
   Description: ad.greyoak.com admins external map
   External member:
---------------------------
Number of members removed 1
---------------------------

Removing it again doesn't return an error:

$ ipa group-remove-member ad_admins_external --external 
'S-1-5-21-2065961537-1042332738-1594543940-512'
[member user]:
[member group]:

   Group name: ad_admins_external
   Description: ad.greyoak.com admins external map
---------------------------
Number of members removed 0
---------------------------

rob

More information about the Freeipa-devel mailing list