Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1283592

Summary: sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)
Product: Red Hat Enterprise Linux 7 Reporter: Sudhir Menon <sumenon>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: Steeve Goveas <sgoveas>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 7.2CC: ekeck, grajaiya, jgalipea, jhrozek, jkurik, lslebodn, mkosek, mzidek, nsoman, pbrezina, sbose, sgoveas, sumenon
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: sssd-1.13.0-41.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1284814 1285852 (view as bug list) Environment:
Last Closed: 2016-11-04 07:12:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1284814, 1285852    

Description Sudhir Menon 2015-11-19 11:25:23 UTC 
Description of problem: "[sysdb_add_user] (0x0400): Error: 17 (File exists)" is displayed when id command is run on the ipaclient  post ipa-winsync-migrate

Version-Release number of selected component (if applicable):
sssd-1.13.0-40.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Set up winsync replica agreement
ipa-replica-manage connect --winsync --passsync=password --cacert=/etc/dirsrv/slapd-QE01-TEST/ADCert.cer win-i94qhqmthd4.adlabs.com --binddn "cn=Administrator,cn=Users,dc=adlabs,dc=com" --bindpw **** -vvv -p ****

2. Ensure users are synced from AD to IPA
3. Now create two way trust with same AD 
4. Ensure trust is setup 
5. Now run ipa-winsync-migrate 

e.g ipa-winsync-migrate --realm=adlabs.com --server=win-i94qhqmthd4.adlabs.com -v

6. Run id on the IPA-server and it displays the correct output
[root@mac1 sssd]# id aduser04
uid=291400014(aduser04) gid=291400014(aduser04) groups=291400014(aduser04),1436800513(domain users)

7. Run id on the IPA-client


Actual results:
on the IPA-client when the id command is run it displays the below output

[root@mac2 ~]# id aduser04
id: aduser04: no such user


Expected results:
id command should display the same output as in IPA-server on the IPA-client
uid=291400014(aduser04) gid=291400014(aduser04) groups=291400014(aduser04),1436800513(domain users)

Additional info: 
Fix is seen in scratch build given by Sumit.
Comment 2 Sumit Bose 2015-11-19 11:29:45 UTC 
It looks like winsync-migrate adds the user name to the override object even it is hasn't changed. Unfortunately SSSD tries to add the same name twice to the namaAlias cache attribute which causes the failure seen above.
Comment 4 Jakub Hrozek 2015-11-19 12:03:39 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2874
Comment 6 Jakub Hrozek 2015-11-20 14:02:33 UTC 
Fixed upstream:

* master: aedc71fe8360a51785933523f14bb5c4e7e2c38b
* sssd-1-13: 957ec390252128d89479606341ebd7f4f35d785f
Comment 7 Jakub Hrozek 2015-11-20 14:03:18 UTC 
Please qa_ack so the bug can be included in RHEL
Comment 11 Martin Kosek 2015-11-23 09:34:36 UTC 
Increasing priority and severity, given this makes the migration broken.
Comment 16 Sudhir Menon 2016-07-21 07:13:43 UTC 
Fix is seen.
Verified using ipa-server-4.4.0-2.1.el7.x86_64

[root@server ~]# id user1
uid=558001403(user1) gid=558001403(user1) groups=558001403(user1)
[root@server ~]# id user5
uid=558001419(user5) gid=558001419(user5) groups=558001419(user5)


[root@client ~]# id user1
uid=558001403(user1) gid=558001403(user1) groups=558001403(user1)
[root@client ~]# id user5
uid=558001419(user5) gid=558001419(user5) groups=558001419(user5)
Comment 18 errata-xmlrpc 2016-11-04 07:12:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2476.html