Bug 1283592 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)
sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
7.2
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: SSSD Maintainers
Steeve Goveas
: ZStream
Depends On:
Blocks: 1284814 1285852
  Show dependency treegraph
 
Reported: 2015-11-19 06:25 EST by Sudhir Menon
Modified: 2016-11-04 03:12 EDT (History)
13 users (show)

See Also:
Fixed In Version: sssd-1.13.0-41.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1284814 1285852 (view as bug list)
Environment:
Last Closed: 2016-11-04 03:12:36 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Sudhir Menon 2015-11-19 06:25:23 EST
Description of problem: "[sysdb_add_user] (0x0400): Error: 17 (File exists)" is displayed when id command is run on the ipaclient  post ipa-winsync-migrate

Version-Release number of selected component (if applicable):
sssd-1.13.0-40.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Set up winsync replica agreement
ipa-replica-manage connect --winsync --passsync=password --cacert=/etc/dirsrv/slapd-QE01-TEST/ADCert.cer win-i94qhqmthd4.adlabs.com --binddn "cn=Administrator,cn=Users,dc=adlabs,dc=com" --bindpw **** -vvv -p ****

2. Ensure users are synced from AD to IPA
3. Now create two way trust with same AD 
4. Ensure trust is setup 
5. Now run ipa-winsync-migrate 

e.g ipa-winsync-migrate --realm=adlabs.com --server=win-i94qhqmthd4.adlabs.com -v

6. Run id on the IPA-server and it displays the correct output
[root@mac1 sssd]# id aduser04@adlabs.com
uid=291400014(aduser04@adlabs.com) gid=291400014(aduser04@adlabs.com) groups=291400014(aduser04@adlabs.com),1436800513(domain users@adlabs.com)

7. Run id on the IPA-client


Actual results:
on the IPA-client when the id command is run it displays the below output

[root@mac2 ~]# id aduser04@adlabs.com
id: aduser04@adlabs.com: no such user


Expected results:
id command should display the same output as in IPA-server on the IPA-client
uid=291400014(aduser04@adlabs.com) gid=291400014(aduser04@adlabs.com) groups=291400014(aduser04@adlabs.com),1436800513(domain users@adlabs.com)

Additional info: 
Fix is seen in scratch build given by Sumit.
Comment 2 Sumit Bose 2015-11-19 06:29:45 EST
It looks like winsync-migrate adds the user name to the override object even it is hasn't changed. Unfortunately SSSD tries to add the same name twice to the namaAlias cache attribute which causes the failure seen above.
Comment 4 Jakub Hrozek 2015-11-19 07:03:39 EST
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2874
Comment 6 Jakub Hrozek 2015-11-20 09:02:33 EST
Fixed upstream:

* master: aedc71fe8360a51785933523f14bb5c4e7e2c38b
* sssd-1-13: 957ec390252128d89479606341ebd7f4f35d785f
Comment 7 Jakub Hrozek 2015-11-20 09:03:18 EST
Please qa_ack so the bug can be included in RHEL
Comment 11 Martin Kosek 2015-11-23 04:34:36 EST
Increasing priority and severity, given this makes the migration broken.
Comment 16 Sudhir Menon 2016-07-21 03:13:43 EDT
Fix is seen.
Verified using ipa-server-4.4.0-2.1.el7.x86_64

[root@server ~]# id user1@pne.qe
uid=558001403(user1@pne.qe) gid=558001403(user1@pne.qe) groups=558001403(user1@pne.qe)
[root@server ~]# id user5@pne.qe
uid=558001419(user5@pne.qe) gid=558001419(user5@pne.qe) groups=558001419(user5@pne.qe)


[root@client ~]# id user1@pne.qe
uid=558001403(user1@pne.qe) gid=558001403(user1@pne.qe) groups=558001403(user1@pne.qe)
[root@client ~]# id user5@pne.qe
uid=558001419(user5@pne.qe) gid=558001419(user5@pne.qe) groups=558001419(user5@pne.qe)
Comment 18 errata-xmlrpc 2016-11-04 03:12:36 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2476.html

Note You need to log in before you can comment on or make changes to this bug.