- **status**: unassigned --> accepted
- **assigned_to**: Vu Minh Nguyen --> Huynh Minh Thien
---
**[tickets:#3043] imm: non-local user cannot access IMM when accessControlMode is in ENFORCED**
**Status:** accepted
**Milestone:** 5.20.01
**Created:** Wed May 22, 2019 08:20 AM UTC by Vu Minh Nguyen
**Last Updated:** Mon Oct 21, 2019 03:29 AM UTC
**Owner:** Huynh Minh Thien
Users that are remote to the system but can log in to the system, such as users
in external databases like NIS or LDAP, are not able to access IMM when
accessControlMode is in ENFORCED. The information of these users does not exist
in /etc/passwd or /etc/group.
Looking at syslog, IMM gets the correct uid but claims 'user id does not exist'.
However, when restarting the IMMND, IMM is able to find user information for
such a user's uid, but can't fetch the groups that belong to the non-local user.
testme@SC-1:~> id
uid=702(testme) gid=325(system-test) groups=325(system-test),315(imm-users),316(test-users)
> Apr 30 13:30:37 SC-1 osafimmnd[14419]: WA osaf_user_is_member_of_group: user
> id 702 does not exist
> Apr 30 13:30:37 SC-1: NOTICE: immlist -t 3600
> opensafImm=opensafImm,safApp=safImmService returned error - saImmOmInitialize
> FAILED: SA_AIS_ERR_ACCESS_DENIED (38)