RHEL-28996

IPA sidgen fails to create SID for manually set ID for a new range

    • ipa-4.9.13-12.module+el8.10.0+22138+e77d88cf
    • None
    • Moderate
    • 1
    • rhel-sst-idm-ipa
    • ssg_idm
    • 5
    • Dev ack
    • False
    • Yes
    • Red Hat Enterprise Linux
    • 2024-Q3-Bravo-S3
    • Unspecified Release Note Type - Unknown
    • x86_64
    • None

      What were you trying to do that didn't work?

      When you create a user with --uid=x, where x is a valid ID in an IPA-managed ID range, and this range has got valid RID bases, the user still fails to get a SID.

      Please provide the package NVR for which bug is seen:

      ipa-server-4.9.12-11.module+el8.9.0+20824+f2605038.x86_64

      How reproducible:

      always (if the range is new)

      Steps to reproduce

      1. create new range: 

      # ipa idrange-add testrange --base-id=10000 --range-size=10000 --rid-base=300000 --secondary-rid-base=400000

      2. add user to this new range: 

      # ipa user-add testsiduser --first=test --last=test --uid=10001 --gid=10001

      3. user fails to get SID: 

      [13/Mar/2024:12:53:42.830075280 +0100] - ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 522]: Cannot convert Posix ID [10001] into an unused SID. 
      [13/Mar/2024:12:53:42.831334739 +0100] - ERR - ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 149]: Cannot add SID to new entry.

      4. If you run sidgen task manually, it works fine, user gets sid:

      [13/Mar/2024:12:55:11.966903322 +0100] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ... 
      [13/Mar/2024:12:55:11.988008575 +0100] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [0]. 
      # ipa user-show --all testsiduser | grep ipantsecurityidentifier 
       ipantsecurityidentifier: S-1-5-21-1376517128-3415768394-3708681247-300001

      Expected results

      User gets SID

      Actual results

      User doesn't get SID automatically when --uid is specified

      Additional info

      Works if the range is new. If you add a user, run sidgen manually, then add a second user, it will get the correct SID.

              frenaud@redhat.com Florence Renaud
              rhn-support-asharov Aleksandr Sharov
              Florence Renaud Florence Renaud
              Michal Polovka Michal Polovka
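A triage sketch for the failure in step 3, added here and not part of the original report or the IPA code base: it extracts the failing POSIX IDs from the directory server error log and computes the SID each one should map to. The log lines, range values and domain SID are taken from the report and embedded as constructed sample input; the mapping RID = RID base + (ID - base ID) is an assumption that agrees with the SID shown in step 4, and all function names are hypothetical.

```python
import re

# Constructed sample input: the two error-log lines quoted in step 3.
SAMPLE_LOG = """\
[13/Mar/2024:12:53:42.830075280 +0100] - ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 522]: Cannot convert Posix ID [10001] into an unused SID.
[13/Mar/2024:12:53:42.831334739 +0100] - ERR - ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 149]: Cannot add SID to new entry.
"""
# Range from step 1 and domain SID prefix from the SID shown in step 4.
RANGES = [{"name": "testrange", "base_id": 10000, "size": 10000,
           "rid_base": 300000, "secondary_rid_base": 400000}]
DOMAIN_SID = "S-1-5-21-1376517128-3415768394-3708681247"

FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] - ERR - find_sid_for_ldap_entry - .*"
    r"Cannot convert Posix ID \[(?P<id>\d+)\] into an unused SID")

def failed_posix_ids(log_text):
    """Return (timestamp, POSIX ID) for each sidgen conversion failure."""
    hits = (FAIL_RE.match(line) for line in log_text.splitlines())
    return [(m["ts"], int(m["id"])) for m in hits if m]

def expected_rids(posix_id, ranges):
    """Return (range name, primary RID, secondary RID), or None if no range
    covers the ID. Assumed mapping: RID = RID base + (ID - base ID)."""
    for r in ranges:
        offset = posix_id - r["base_id"]
        if 0 <= offset < r["size"]:
            return (r["name"], r["rid_base"] + offset,
                    r["secondary_rid_base"] + offset)
    return None

def triage(log_text, ranges, domain_sid):
    """Classify each failure: an ID inside a range with RID bases should have
    received a SID at add time, so the entry needs the sidgen task run."""
    report = []
    for ts, posix_id in failed_posix_ids(log_text):
        hit = expected_rids(posix_id, ranges)
        report.append({
            "timestamp": ts, "posix_id": posix_id,
            "range": hit[0] if hit else None,
            "expected_sid": f"{domain_sid}-{hit[1]}" if hit else None,
            "action": "run sidgen task" if hit else "check ID range coverage",
        })
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, RANGES, DOMAIN_SID):
        print(row)
```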