Bug 498279

Summary: ipa user-add unable to define uid
Product: [Retired] freeIPA
Component: ipa-server
Version: 2.0
Status: CLOSED CURRENTRELEASE
Severity: urgent
Priority: high
Reporter: Jenny Severance <jgalipea>
Assignee: Rob Crittenden <rcritten>
QA Contact: Chandrasekar Kannan <ckannan>
CC: benl, dpal, jgalipea, mgregg
Target Milestone: v2 release
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-09-16 16:45:40 UTC
Bug Blocks: 431020

Description Jenny Severance 2009-04-29 17:42:19 UTC
Description of problem:

If you define a uid with user-add you get the following error:

[root@jennyv2 schema]# ipa user-add --first Mickey --last Mouse --home /home/mmouse/ --shell /bin/bash --principal mmouse.com --uid mmouse --gecos "Mickey Mouse" 
user [mmouse]: Secret123
ipa: ERROR: invalid 'uidnumber': must be an integer

Subsequently, not defining uid results in:

[root@jennyv2 schema]# ipa user-add --first Mickey --last Mouse --home /home/mmouse/ --shell /bin/bash --principal mmouse.com --gecos "Mickey Mouse"
user [mmouse]: Secret123
ipa: ERROR: This entry already exists

But the user is not in the directory server:

[root@jennyv2 schema]# ldapsearch -x -D "cn=Directory Manager" -w Secret123 -b "cn=users,cn=accounts,dc=bos,dc=redhat,dc=com"

# extended LDIF
#
# LDAPv3
# base <cn=users,cn=accounts,dc=bos,dc=redhat,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# users, accounts, bos.redhat.com
dn: cn=users,cn=accounts,dc=bos,dc=redhat,dc=com
objectClass: top
objectClass: nsContainer
cn: users

# admin, users, accounts, bos.redhat.com
dn: uid=admin,cn=users,cn=accounts,dc=bos,dc=redhat,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: KrbPrincipalAux
objectClass: inetUser
uid: admin
krbPrincipalName: admin.COM
cn: Administrator
sn: Administrator
uidNumber: 999
gidNumber: 1001
homeDirectory: /home/admin
loginShell: /bin/bash
gecos: Administrator
memberOf: cn=admins,cn=groups,cn=accounts,dc=bos,dc=redhat,dc=com
krbLastPwdChange: 20090429160546Z
krbPasswordExpiration: 20090728160546Z
userPassword:: e1NTSEF9bDZmcjZrbUhrWk82OWlhbTNSc0FHeVVJN1BzUEVIVE05YW9sMEE9PQ=
 =

# secret123, users, accounts, bos.redhat.com
dn: uid=secret123,cn=users,cn=accounts,dc=bos,dc=redhat,dc=com
uid: secret123
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetUser
objectClass: posixAccount
objectClass: krbPrincipalAux
objectClass: radiusprofile
loginShell: /bin/bash
gidNumber: 1002
gecos: secret123
sn: Galipeau
homeDirectory: /home/jenny/
krbPrincipalName: jenny
givenName: Jenny
cn: Jenny Galipeau
userPassword:: e1NTSEF9Q3FhUHZTNlhNODI4WHBzaG84UThuUWtQZFNtV2pVYzBEeU5Ia3c9PQ=
 =
uidNumber: 1101
krbLastPwdChange: 20090429165258Z
krbPasswordExpiration: 20090429165258Z
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=bos,dc=redhat,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. install ipa server
2. add user with uid defined:

   ipa user-add --first Mickey --last Mouse --home /home/mmouse/ --shell /bin/bash --principal mmouse.com --uid mmouse --gecos "Mickey Mouse"

3. remove --uid mmouse

  ipa user-add --first Mickey --last Mouse --home /home/mmouse/ --shell /bin/bash --principal mmouse.com --gecos "Mickey Mouse"
  
4. search for the user in the directory:
   ldapsearch -x -D "cn=Directory Manager" -w Secret123 -b "cn=users,cn=accounts,dc=bos,dc=redhat,dc=com"

Actual results:
step 2 successful in adding user

Expected results:


Additional info:

Comment 1 Rob Crittenden 2009-04-29 17:58:10 UTC
This reflects a disconnect between LDAP naming and unix naming.

uid in LDAP is the user id. uid in unix is the uid number.

So in this case --uid is a number because it is the unix uid, represented as uidnumber in LDAP (and why the error message indicates that uidNumber must be an integer).

The uid is specified as an argument on the command-line.

ipa user-add --first=Mickey --last=Mouse mmouse

Your search actually succeeds because you added the user as Secret123 and that entry does exist.

What can we do to make this clearer?
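
Added example, not part of the original bug report or of FreeIPA: a check over ldapsearch LDIF output that flags posixAccount entries whose LDAP uid (the login) is not the primary component of krbPrincipalName, which is how an entry created with a mistyped login, like the one discussed above, shows up. It assumes principals follow the uid@REALM convention; the function names and the sample LDIF are constructed for illustration.

```python
import base64
# Constructed sample (not the bug's data): ldapsearch-style LDIF with a folded
# dn line and a base64 ("::") value, as in the output quoted above.
SAMPLE_LDIF = """\
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test
objectClass: posixAccount
uid: admin
krbPrincipalName: admin@EXAMPLE.TEST

# secret123, users, accounts, example.test
dn: uid=secret123,cn=users,cn=accounts,dc=example,
 dc=test
objectClass: posixAccount
uid: secret123
krbPrincipalName:: amVubnlARVhBTVBMRS5URVNU
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]            # unfold continuation line
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:               # trailing "" flushes last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def login_principal_mismatches(entries):
    """Return (dn, uid, principal) where uid is not the principal's primary part."""
    findings = []
    for e in entries:
        if "posixaccount" not in {c.lower() for c in e.get("objectclass", [])}:
            continue                          # skips search-result trailer too
        uids = [u.lower() for u in e.get("uid", [])]
        for princ in e.get("krbprincipalname", []):
            if princ.split("@", 1)[0].lower() not in uids:
                findings.append((e["dn"][0], ",".join(uids), princ))
    return findings
```

Calling `login_principal_mismatches(parse_ldif(SAMPLE_LDIF))` reports only the `uid=secret123` entry, whose principal decodes to `jenny@EXAMPLE.TEST`.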

Comment 3 Rob Crittenden 2010-09-16 13:20:41 UTC
Do you have any suggestions on clarifying this?

Comment 4 Jenny Severance 2010-09-16 16:45:40 UTC
Hey Rob: The help has been modified, which makes it clearer as to the usage of ipa user-add. I don't think this is an issue any more. I will close the bug as current release.
Thanks