Bug 2095366

Summary: [RFE] 389-ds-base systemd-sysusers
Product: Red Hat Enterprise Linux 9
Reporter: Pat Riehecky <riehecky>
Component: 389-ds-base
Assignee: Simon Pichugin <spichugi>
Status: CLOSED ERRATA
QA Contact: LDAP QA Team <idm-ds-qe-bugs>
Severity: medium
Priority: high
Version: CentOS Stream
CC: bsmejkal, bstinson, gkimetto, idm-ds-dev-bugs, jachapma, jpazdziora, jwboyer, mreynolds, pasik, spichugi
Target Milestone: rc
Keywords: FutureFeature, Triaged
Target Release: 9.3
Hardware: Unspecified
OS: Unspecified
Whiteboard: sync-to-jira
Fixed In Version: 389-ds-base-2.2.4-4.el9
Doc Type: If docs needed, set a value
Last Closed: 2023-11-07 08:25:17 UTC
Type: Bug

Description Pat Riehecky 2022-06-09 16:32:38 UTC
Description of problem:
389-ds-base is using static useradd commands rather than systemd-sysusers

Version-Release number of selected component (if applicable): 389-ds-base-2.1.1-1.el9


How reproducible:
100%

Steps to Reproduce:
1. review %post scripts
2.
3.

Actual results:
/usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME


Expected results:
Use of systemd-sysusers

Additional info:
https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html
https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format

Comment 8 Jamie Chapman 2023-05-24 00:05:17 UTC
Verified with the following

uname -a
5.14.0-312.el9.x86_64

cat /etc/redhat-release
Red Hat Enterprise Linux release 9.3 Beta (Plow)

ns-slapd --version
389-Directory/2.3.4 B2023.139.0000

Post Install script
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
# Soft static allocation for UID and GID
# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format

# generated from 389-ds-base.sysusers
getent group 'dirsrv' >/dev/null || groupadd -f -g '389' -r 'dirsrv'
getent group 'dirsrv' >/dev/null || groupadd -f -g '389:389' -r 'dirsrv'
if ! getent passwd 'dirsrv' >/dev/null ; then
    if ! getent passwd '389:389' >/dev/null ; then
        useradd -r -u '389:389' -g 'dirsrv' -d '/usr/share/dirsrv/' -s /sbin/nologin -c 'user for 389-ds-base' 'dirsrv'
    else
        useradd -r -g 'dirsrv' -d '/usr/share/dirsrv/' -s /sbin/nologin -c 'user for 389-ds-base' 'dirsrv'
    fi
fi

Comment 9 Jan Pazdziora 2023-06-28 13:09:56 UTC
This change causes regression bug 2218209. The command

  useradd -r -u '389:389' -g 'dirsrv' -d '/usr/share/dirsrv/' -s /sbin/nologin -c 'user for 389-ds-base' 'dirsrv'

shown in comment 8 results in

  useradd: invalid user ID '389:389'

Comment 10 Jan Pazdziora 2023-06-28 14:15:27 UTC
I assume that the reason you likely saw the /etc/passwd entry being created in your testing on the host is the file triggers that currently do not work for systemd-sysusers -- bug 2218242.
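
The failure reported in comment 9 comes from passing a combined 'UID:GID' field straight to useradd -u. The following is an added example, not part of this bug thread or of the 389-ds-base packaging: it splits and validates that field before building the command. The helper names (is_numeric, split_id, render_useradd) are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example: split the ID field of a sysusers.d "u" line before it reaches
# useradd. Helper names are hypothetical; the sample input is constructed.

# is_numeric VALUE -> exit 0 only if VALUE is a non-empty string of digits
is_numeric() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# split_id FIELD -> prints "UID GID"; GID is "-" when FIELD has no ":GID" part.
# Returns 1 if a part is not numeric (group names and "-" UIDs are not handled).
split_id() {
    uid=${1%%:*}
    case "$1" in
        *:*) gid=${1#*:} ;;
        *)   gid=- ;;
    esac
    is_numeric "$uid" || return 1
    [ "$gid" = "-" ] || is_numeric "$gid" || return 1
    printf '%s %s\n' "$uid" "$gid"
}

# render_useradd NAME IDFIELD GECOS HOME SHELL -> prints the useradd command
render_useradd() {
    ids=$(split_id "$2") || { echo "invalid ID field '$2'" >&2; return 1; }
    uid=${ids% *}
    gid=${ids#* }
    # Without an explicit GID, use the group that shares the user's name.
    if [ "$gid" = "-" ]; then gid=$1; fi
    printf "useradd -r -u '%s' -g '%s' -d '%s' -s '%s' -c '%s' '%s'\n" \
        "$uid" "$gid" "$4" "$5" "$3" "$1"
}

# Constructed sample in sysusers.d field order: name, ID, GECOS, home, shell
render_useradd dirsrv 389:389 'user for 389-ds-base' /usr/share/dirsrv/ /sbin/nologin
```

The primary group must already exist when the printed command runs, as in the getent/groupadd lines of the scriptlet in comment 8.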

Comment 12 errata-xmlrpc 2023-11-07 08:25:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (389-ds-base bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6350