Bug 1283592

Summary: sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)
Product: Red Hat Enterprise Linux 7
Component: sssd
Version: 7.2
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
Reporter: Sudhir Menon <sumenon>
Assignee: SSSD Maintainers <sssd-maint>
QA Contact: Steeve Goveas <sgoveas>
CC: ekeck, grajaiya, jgalipea, jhrozek, jkurik, lslebodn, mkosek, mzidek, nsoman, pbrezina, sbose, sgoveas, sumenon
Target Milestone: rc
Keywords: ZStream
Fixed In Version: sssd-1.13.0-41.el7
Doc Type: Bug Fix
Clone Of:
: 1284814 1285852
Last Closed: 2016-11-04 07:12:36 UTC
Type: Bug
Bug Blocks: 1284814, 1285852

Description Sudhir Menon 2015-11-19 11:25:23 UTC
Description of problem: "[sysdb_add_user] (0x0400): Error: 17 (File exists)" is displayed when the id command is run on the IPA client post ipa-winsync-migrate.

Version-Release number of selected component (if applicable):
sssd-1.13.0-40.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Set up winsync replica agreement
ipa-replica-manage connect --winsync --passsync=password --cacert=/etc/dirsrv/slapd-QE01-TEST/ADCert.cer win-i94qhqmthd4.adlabs.com --binddn "cn=Administrator,cn=Users,dc=adlabs,dc=com" --bindpw **** -vvv -p ****

2. Ensure users are synced from AD to IPA
3. Now create a two-way trust with the same AD
4. Ensure the trust is set up
5. Now run ipa-winsync-migrate

e.g. ipa-winsync-migrate --realm=adlabs.com --server=win-i94qhqmthd4.adlabs.com -v

6. Run id on the IPA-server and it displays the correct output
[root@mac1 sssd]# id aduser04
uid=291400014(aduser04) gid=291400014(aduser04) groups=291400014(aduser04),1436800513(domain users)

7. Run id on the IPA-client


Actual results:
On the IPA-client, when the id command is run, it displays the output below:

[root@mac2 ~]# id aduser04
id: aduser04: no such user


Expected results:
The id command on the IPA-client should display the same output as on the IPA-server:
uid=291400014(aduser04) gid=291400014(aduser04) groups=291400014(aduser04),1436800513(domain users)

Additional info: 
Fix is seen in scratch build given by Sumit.

Comment 2 Sumit Bose 2015-11-19 11:29:45 UTC
It looks like winsync-migrate adds the user name to the override object even if it hasn't changed. Unfortunately SSSD tries to add the same name twice to the nameAlias cache attribute, which causes the failure seen above.
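
The failure mode described in Comment 2, as an added example that is not part of the original report and is not SSSD or ldb source code: a simplified C model in which a multi-valued attribute rejects a repeated value with EEXIST (errno 17, "File exists" on Linux), next to a guarded add that tolerates the repeat. `struct attr`, `attr_add_strict`, `attr_add_unique` and `build_aliases` are hypothetical names, and the sample user is constructed; the actual upstream change is not shown on this page.

```c
/* Added illustration; a simplified model, not SSSD or ldb source code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_VALUES 8

/* Hypothetical stand-in for one multi-valued cache attribute. */
struct attr {
    const char *values[MAX_VALUES];
    size_t count;
};

/* Strict add: a value that is already present is an error, as in the bug. */
int attr_add_strict(struct attr *a, const char *val)
{
    for (size_t i = 0; i < a->count; i++) {
        if (strcmp(a->values[i], val) == 0) return EEXIST;
    }
    if (a->count == MAX_VALUES) return ENOSPC;
    a->values[a->count++] = val;
    return 0;
}

/* Guarded add: an already-present value counts as success, not failure. */
int attr_add_unique(struct attr *a, const char *val)
{
    int ret = attr_add_strict(a, val);
    return ret == EEXIST ? 0 : ret;
}

/* Store the user's name, then the override name if one was supplied. */
int build_aliases(struct attr *a, const char *name, const char *override_name,
                  int (*add)(struct attr *, const char *))
{
    int ret = add(a, name);
    if (ret != 0) return ret;
    return override_name != NULL ? add(a, override_name) : 0;
}

int main(void)
{
    struct attr strict = {0}, guarded = {0};
    /* Constructed sample: the override repeats the unchanged user name. */
    printf("strict:  %d\n", build_aliases(&strict, "aduser04", "aduser04", attr_add_strict));
    printf("guarded: %d\n", build_aliases(&guarded, "aduser04", "aduser04", attr_add_unique));
    return 0;
}
```

With the strict add, the whole user save fails on the second insert even though the data is consistent, which is why the lookup on the client ends in "no such user".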

Comment 4 Jakub Hrozek 2015-11-19 12:03:39 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2874

Comment 6 Jakub Hrozek 2015-11-20 14:02:33 UTC
Fixed upstream:

* master: aedc71fe8360a51785933523f14bb5c4e7e2c38b
* sssd-1-13: 957ec390252128d89479606341ebd7f4f35d785f

Comment 7 Jakub Hrozek 2015-11-20 14:03:18 UTC
Please qa_ack so the bug can be included in RHEL

Comment 11 Martin Kosek 2015-11-23 09:34:36 UTC
Increasing priority and severity, given this makes the migration broken.

Comment 16 Sudhir Menon 2016-07-21 07:13:43 UTC
Fix is seen.
Verified using ipa-server-4.4.0-2.1.el7.x86_64

[root@server ~]# id user1
uid=558001403(user1) gid=558001403(user1) groups=558001403(user1)
[root@server ~]# id user5
uid=558001419(user5) gid=558001419(user5) groups=558001419(user5)


[root@client ~]# id user1
uid=558001403(user1) gid=558001403(user1) groups=558001403(user1)
[root@client ~]# id user5
uid=558001419(user5) gid=558001419(user5) groups=558001419(user5)

Comment 18 errata-xmlrpc 2016-11-04 07:12:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2476.html