Bug 868841
Summary: | Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Sankar Ramalingam <sramling> |
Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED ERRATA | QA Contact: | Sankar Ramalingam <sramling> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.4 | CC: | jgalipea, nhosoi, nkinder, syeghiay |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.2.11.15-4.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Even if an entry in AD does not have all the required attributes for the posix account entry, the entry is being synchronized to the directory server as an posix account entry.
Consequence: The synchronization fails due to the missing attribute error.
Fix: If the entry does not have all the required attributes, the posix account related attributes are dropped and the entry is synchronized as an ordinary entry.
Result: Even if there are missing posix account related attributes, the entry is successfully synchronized.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2013-02-21 08:21:07 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 881827 |
Description
Sankar Ramalingam
2012-10-22 09:26:12 UTC
Upstream ticket: https://fedorahosted.org/389/ticket/500 These are the verification steps. Please note that this change is included in 389-ds-base-1.2.11.15-4.el6 or after. Verification steps: test case 1) add a user entry to AD, which contains required attributes: unixHomeDirectory, uidNumber, gidNumber. The entry is supposed to be synchronized to the DS as a posix entry which includes: objectclass: posixaccount homeDirectory: <home directory> uidNumber: <uid number> gidNumber: <gid number> test case 2) add a user entry to AD, which contains no required attributes, but an allowed attribute, loginShell. The entry is supposed to be synchronized to the DS as an ordinary entry which does not include any posix account related attributes. test case 3) modify an ordinary entry on AD to add required attributes unixHomeDirectory, uidNumber, gidNumber. The entry on the DS is supposed to become a posix account entry with the above attributes. test case 4) modify an ordinary entry on AD to add no required attributes, but an allowed attribute loginShell. The modification is supposed to be ignored. The above mentioned tests successfully passed after upgrading the 389-ds-base package to 1.2.11.15-4. Hence marking the bug as Verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0503.html |