- **status**: review --> fixed
- **Comment**:
commit 37a81d9aedead951488eab02d957abb080d1f8b9 (HEAD -> develop,
origin/develop)
Author: thien.m.huynh <[email protected]>
Date: Thu Feb 13 17:21:49 2020 +0700
imm: fix non-local user cannot access IMM when accessControlMode is in
ENFORCED [#3043]
---
** [tickets:#3043] imm: non-local user cannot access IMM when accessControlMode
is in ENFORCED**
**Status:** fixed
**Milestone:** 5.20.05
**Created:** Wed May 22, 2019 08:20 AM UTC by Vu Minh Nguyen
**Last Updated:** Sat Feb 15, 2020 02:04 AM UTC
**Owner:** Huynh Minh Thien
Users that are remote to the system but can log in to the system such as users
in external databases like NIS or LDAP are not able to access IMM when
accessControlMode is in ENFORCED. The information of these users does not exist
in /etc/passwd or /etc/group.
Looking at syslog, IMM gets correct uid but claims 'user id does not exist'.
However, when restarting the IMMND, IMM is able to find user information for
such user uid, but can't fetch groups that belong to the non-local user.
testme@SC-1:~> id
uid=702(testme) gid=325(system-test)
groups=325(system-test),315(imm-users),316(test-users)
> Apr 30 13:30:37 SC-1 osafimmnd[14419]: WA osaf_user_is_member_of_group: user
> id 702 does not exist
> Apr 30 13:30:37 SC-1: NOTICE: immlist -t 3600
> opensafImm=opensafImm,safApp=safImmService returned error - saImmOmInitialize
> FAILED: SA_AIS_ERR_ACCESS_DENIED (38)
---
Sent from sourceforge.net because [email protected] is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list._______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
