Hello,
I installed a CentOS 7.7 which comes with freeipa 4.6.5.11 and I
confirm the issue is no longer here. Thanks
E.A.
Le mer. 25 sept. 2019 à 01:57, Rob Crittenden <rcritten(a)redhat.com> a écrit :
>
> Eugène Adell via FreeIPA-users wrote:
> > Hello,
> >
> > I am using freeipa 4.5.0.21 (full details below) and I noticed a weird
> > behaviour. When getting informations about a server with a regular
> > user, it won't show the server roles while these roles will be given
> > when checking the server roles themselves. In this case the roles are
> > of 'configured' status instead of 'enabled' (which is probably
what
> > would be expected).
> > As it's not documented in the official Guide and I didn't find
> > anything in the mail archive, I believe some clarification is needed.
> > Should server roles be found through some commands but not others ? Is
> > there any security issue of showing them always ?
>
> I think it may have been fixed as part of
>
https://pagure.io/freeipa/issue/7566 in 4.6.5. It was fixed in the 4.5
> branch but a new release hasn't been made on that branch, and may never be.
>
> rob
>
> >
> > (user)
> > # ipa server-show srv3.idm.local --all
> > dn: cn=srv3.idm.local,cn=masters,cn=ipa,cn=etc,dc=idm,dc=local
> > Server name: srv3.idm.local
> > Enabled server roles:
> > objectclass: top, nsContainer, ipaReplTopoManagedServer,
> > ipaConfigObject, ipaSupportedDomainLevelConfig
> >
> > (user)
> > # ipa server-role-show srv3.idm.local 'NTP server'
> > Server name: srv3.idm.local
> > Role name: NTP server
> > Role status: configured
> >
> > (admin)
> > # ipa server-show srv3.idm.local --all
> > dn: cn=srv3.idm.local,cn=masters,cn=ipa,cn=etc,dc=idm,dc=local
> > Server name: srv3.idm.local
> > Managed suffixes: domain, ca
> > Min domain level: 0
> > Max domain level: 1
> > Enabled server roles: CA server, DNS server, NTP server
> > objectclass: top, nsContainer, ipaReplTopoManagedServer,
> > ipaConfigObject, ipaSupportedDomainLevelConfig
> >
> > # yum info ipa-server -v
> > Loading "fastestmirror" plugin
> > Config time: 0.008
> > Yum version: 3.4.3
> > rpmdb time: 0.000
> > Setting up Package Sacks
> > Loading mirror speeds from cached hostfile
> > pkgsack time: 0.004
> > Installed Packages
> > Name : ipa-server
> > Arch : x86_64
> > Version : 4.5.0
> > Release : 21.el7.centos.2.2
> > Size : 1.0 M
> > Repo : installed
> > From repo : ipa
> > Committer : Johnny Hughes <johnny(a)centos.org>
> > Committime : Thu Oct 19 14:00:00 2017
> > Buildtime : Thu Oct 19 22:52:09 2017
> > Install time: Mon Sep 23 21:46:46 2019
> > Installed by: root <root>
> > Changed by : System <unset>
> > Summary : The IPA authentication server
> > URL :
http://www.freeipa.org/
> > Licence : GPLv3+
> > Description : IPA is an integrated solution to provide centrally
> > managed Identity (users,
> > : hosts, services), Authentication (SSO, 2FA), and Authorization
> > : (host access control, SELinux user roles, services). The
> > solution provides
> > : features for further integration with Linux based
> > clients (SUDO, automount)
> > : and integration with Active Directory based
> > infrastructures (Trusts).
> > : If you are installing an IPA server, you need to install
> > this package.
> >
> > # cat /etc/*release*
> > CentOS Linux release 7.4.1708 (Core)
> > Derived from Red Hat Enterprise Linux 7.4 (Source)
> > NAME="CentOS Linux"
> > VERSION="7 (Core)"
> > ID="centos"
> > ID_LIKE="rhel fedora"
> > VERSION_ID="7"
> > PRETTY_NAME="CentOS Linux 7 (Core)"
> > ANSI_COLOR="0;31"
> > CPE_NAME="cpe:/o:centos:centos:7"
> >
HOME_URL="https://www.centos.org/"
> >
BUG_REPORT_URL="https://bugs.centos.org/"
> >
> > CENTOS_MANTISBT_PROJECT="CentOS-7"
> > CENTOS_MANTISBT_PROJECT_VERSION="7"
> > REDHAT_SUPPORT_PRODUCT="centos"
> > REDHAT_SUPPORT_PRODUCT_VERSION="7"
> >
> > CentOS Linux release 7.4.1708 (Core)
> > CentOS Linux release 7.4.1708 (Core)
> > cpe:/o:centos:centos:7
> >
> > Best regards
> > Eugene
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> > Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> >
>