Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/6199 We do not have right to write to users delete_container. In case that user already exists in that container and we tried to add entry, we receive ACIError. This must be checked and DuplicationEntry error must be raised before. Several similar errors in ipa.test_xmlrpc.test_stageuser_plugin: {{{ except errors.PublicError as got_exception: > assert type(expected_exception) is type(got_exception) E assert <class 'ipalib.errors.DuplicateEntry'> is <class 'ipalib.errors.ACIError'> E + where <class 'ipalib.errors.DuplicateEntry'> = type(DuplicateEntry(u'user with name "tuser" already exists',)) E + and <class 'ipalib.errors.ACIError'> = type(ACIError(u"Insufficient access: Insufficient 'add' privilege to add the entry ...ts,cn=provisioning,dc=dom-150,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com'.",)) }}} Version of DS: 389-ds-base-1.3.5.12-1.fc24.x86_64 In the latest provided build of DS, there were some changes in ACI enforcing, thus this is probbably the root cause
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/5c50b265e6b5a0d06f213b5eb581c96e3392aeea
Steps to reproduce: $ ipa user-add test $ ipa user-del test --preserve $ ipa user-add test
Verified using IPA version :: ipa-server-4.4.0-12.el7.x86_64 Marking BZ as verified.
Created attachment 1202455 [details] console.log
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html