Bug 2000420

Summary: Not able to preserve users using "ipa user-del --preserve"
Product: Red Hat Enterprise Linux 9 Reporter: Varun Mylaraiah <mvarun>
Component: 389-ds-baseAssignee: Simon Pichugin <spichugi>
Status: CLOSED CURRENTRELEASE QA Contact: RHDS QE <ds-qe-bugs>
Severity: high Docs Contact:
Priority: urgent    
Version: 9.0CC: ldap-maint, lmiksik, mreynolds, rcritten, sgouvern, spichugi, tbordaz, tscherf
Target Milestone: rcKeywords: Regression, Triaged
Target Release: 9.0 BetaFlags: pm-rhel: mirror+
Hardware: x86_64   
OS: Linux   
Whiteboard: sync-to-jira
Fixed In Version: 389-ds-base-2.0.8-6.el9_b Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2005028 2011397 (view as bug list) Environment:
Last Closed: 2021-12-07 21:24:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2005028, 2011397    

Description Varun Mylaraiah 2021-09-02 06:38:41 UTC 
Description of problem:
In Rhel 9.0 Beta, not able to delete and preserve users using "ipa user-del --preserve"

Version-Release number of selected component (if applicable):
ipa-server-4.9.6-6.el9.x86_64

How reproducible:
Always

Steps to Reproduce:

[root@master ~]# ipa user-add testuser9-beta
First name: rhel
Last name: 9-beta
---------------------------
Added user "testuser9-beta"
---------------------------
  User login: testuser9-beta
  First name: rhel
  Last name: 9-beta
  Full name: rhel 9-beta
  Display name: rhel 9-beta
  Initials: r9
  Home directory: /home/testuser9-beta
  GECOS: rhel 9-beta
  Login shell: /bin/sh
  Principal name: testuser9-beta
  Principal alias: testuser9-beta
  Email address: testuser9-beta
  UID: 565200021
  GID: 565200021
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[root@master ~]# ipa user-del testuser9-beta --preserve
ipa: ERROR: This entry already exists

[root@master ~]# ipa user-show testuser9-beta
  User login: testuser9-beta
  First name: rhel
  Last name: 9-beta
  Home directory: /home/testuser9-beta
  Login shell: /bin/sh
  Principal name: testuser9-beta
  Principal alias: testuser9-beta
  Email address: testuser9-beta
  UID: 565200021
  GID: 565200021
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False


Actual results:
[root@master ~]# ipa user-del testuser9-beta --preserve
ipa: ERROR: This entry already exists

Expected results:
Users should delete and preserve for future use.


Additional info:
in RHEL8.5
==========
[root@master ~]# ipa user-add testuser85
First name: rhel
Last name: 85
-----------------------
Added user "testuser85"
-----------------------
  User login: testuser85
  First name: rhel
  Last name: 85
  Full name: rhel 85
  Display name: rhel 85
  Initials: r8
  Home directory: /home/testuser85
  GECOS: rhel 85
  Login shell: /bin/sh
  Principal name: testuser85
  Principal alias: testuser85
  Email address: testuser85
  UID: 60000007
  GID: 60000007
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False


[root@master ~]# ipa user-del testuser85 --preserve
-------------------------
Deleted user "testuser85"
-------------------------


[root@master ~]# ipa user-show testuser85
  User login: testuser85
  First name: rhel
  Last name: 85
  Home directory: /home/testuser85
  Login shell: /bin/sh
  Principal name: testuser85
  Principal alias: testuser85
  Email address: testuser85
  UID: 60000007
  GID: 60000007
  Account disabled: True
  Preserved user: True
  Password: False
  Kerberos keys available: False
Comment 1 Florence Blanc-Renaud 2021-09-02 06:42:49 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/8976
Comment 2 Florence Blanc-Renaud 2021-09-02 06:46:06 UTC 
The issue was also seen upstream, since the release of 389-ds-base 2.0.8.
Additional information in the 389ds github ticket https://github.com/389ds/389-ds-base/issues/4894

The problem seems related to attribute uniqueness plugin. Moving the issue to 389-ds component
Comment 9 sgouvern 2021-09-21 13:42:22 UTC 
With 389-ds-base-2.0.8-5.el9.x86_64

# PYTHONPATH=src/lib389 py.test -v dirsrvtests/tests/suites/plugins/attruniq_test.py 
re-exec with libfaketime dependencies
========================================================== test session starts ==========================================================
platform linux -- Python 3.9.7, pytest-5.4.3, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.9.7', 'Platform': 'Linux-5.14.0-2.el9.x86_64-x86_64-with-glibc2.34', 'Packages': {'pytest': '5.4.3', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.11.0', 'html': '3.1.1', 'libfaketime': '0.1.2', 'flaky': '3.7.0'}}
389-ds-base: 2.0.8-5.el9
nss: 3.67.0-13.el9
nspr: 4.32.0-2.el9
openldap: 2.4.57-8.el9
cyrus-sasl: 2.1.27-17.el9
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests, inifile: pytest.ini
plugins: metadata-1.11.0, html-3.1.1, libfaketime-0.1.2, flaky-3.7.0
collected 1 item                                                                                                                        

dirsrvtests/tests/suites/plugins/attruniq_test.py::test_modrdn_attr_uniqueness PASSED                                             [100%]

========================================================== 1 passed in 16.61s ===========================================================

marking as verified:tested
Comment 14 sgouvern 2021-09-24 09:21:18 UTC 
As per comment 9 marking as VERIFIED