2000420 – Not able to preserve users using "ipa user-del --preserve"

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2000420 - Not able to preserve users using "ipa user-del --preserve"

Summary: Not able to preserve users using "ipa user-del --preserve"

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	9.0
Hardware:	x86_64
OS:	Linux
Priority:	urgent
Severity:	high
Target Milestone:	rc
Target Release:	9.0 Beta
Assignee:	Simon Pichugin
QA Contact:	RHDS QE
Docs Contact:
URL:
Whiteboard:	sync-to-jira
Depends On:
Blocks:	2005028 2011397
TreeView+	depends on / blocked

Reported:	2021-09-02 06:38 UTC by Varun Mylaraiah
Modified:	2021-12-07 21:26 UTC (History)
CC List:	8 users (show)
Fixed In Version:	389-ds-base-2.0.8-6.el9_b
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	2005028 2011397 (view as bug list)
Environment:
Last Closed:	2021-12-07 21:24:13 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:
Flags:	pm-rhel: mirror+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	https://github.com/389ds 389-ds-base issues 4894	None	None	None	2021-09-10 21:22:36 UTC
Red Hat Issue Tracker	IDMDS-1609	None	None	None	2021-09-07 11:59:44 UTC
Red Hat Issue Tracker	IDMDS-1619	None	None	None	2021-09-07 14:41:35 UTC
Red Hat Issue Tracker	IDMDS-1620	None	None	None	2021-09-07 14:43:54 UTC
Red Hat Issue Tracker	RHELPLAN-95955	None	None	None	2021-09-02 06:38:56 UTC

Description Varun Mylaraiah 2021-09-02 06:38:41 UTC

Description of problem:
In Rhel 9.0 Beta, not able to delete and preserve users using "ipa user-del --preserve"

Version-Release number of selected component (if applicable):
ipa-server-4.9.6-6.el9.x86_64

How reproducible:
Always

Steps to Reproduce:

[root@master ~]# ipa user-add testuser9-beta
First name: rhel
Last name: 9-beta
---------------------------
Added user "testuser9-beta"
---------------------------
  User login: testuser9-beta
  First name: rhel
  Last name: 9-beta
  Full name: rhel 9-beta
  Display name: rhel 9-beta
  Initials: r9
  Home directory: /home/testuser9-beta
  GECOS: rhel 9-beta
  Login shell: /bin/sh
  Principal name: testuser9-beta
  Principal alias: testuser9-beta
  Email address: testuser9-beta
  UID: 565200021
  GID: 565200021
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[root@master ~]# ipa user-del testuser9-beta --preserve
ipa: ERROR: This entry already exists

[root@master ~]# ipa user-show testuser9-beta
  User login: testuser9-beta
  First name: rhel
  Last name: 9-beta
  Home directory: /home/testuser9-beta
  Login shell: /bin/sh
  Principal name: testuser9-beta
  Principal alias: testuser9-beta
  Email address: testuser9-beta
  UID: 565200021
  GID: 565200021
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False


Actual results:
[root@master ~]# ipa user-del testuser9-beta --preserve
ipa: ERROR: This entry already exists

Expected results:
Users should delete and preserve for future use.


Additional info:
in RHEL8.5
==========
[root@master ~]# ipa user-add testuser85
First name: rhel
Last name: 85
-----------------------
Added user "testuser85"
-----------------------
  User login: testuser85
  First name: rhel
  Last name: 85
  Full name: rhel 85
  Display name: rhel 85
  Initials: r8
  Home directory: /home/testuser85
  GECOS: rhel 85
  Login shell: /bin/sh
  Principal name: testuser85
  Principal alias: testuser85
  Email address: testuser85
  UID: 60000007
  GID: 60000007
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False


[root@master ~]# ipa user-del testuser85 --preserve
-------------------------
Deleted user "testuser85"
-------------------------


[root@master ~]# ipa user-show testuser85
  User login: testuser85
  First name: rhel
  Last name: 85
  Home directory: /home/testuser85
  Login shell: /bin/sh
  Principal name: testuser85
  Principal alias: testuser85
  Email address: testuser85
  UID: 60000007
  GID: 60000007
  Account disabled: True
  Preserved user: True
  Password: False
  Kerberos keys available: False

Comment 1 Florence Blanc-Renaud 2021-09-02 06:42:49 UTC

Upstream ticket:
https://pagure.io/freeipa/issue/8976

Comment 2 Florence Blanc-Renaud 2021-09-02 06:46:06 UTC

The issue was also seen upstream, since the release of 389-ds-base 2.0.8.
Additional information in the 389ds github ticket https://github.com/389ds/389-ds-base/issues/4894

The problem seems related to attribute uniqueness plugin. Moving the issue to 389-ds component

Comment 9 sgouvern 2021-09-21 13:42:22 UTC

With 389-ds-base-2.0.8-5.el9.x86_64

# PYTHONPATH=src/lib389 py.test -v dirsrvtests/tests/suites/plugins/attruniq_test.py 
re-exec with libfaketime dependencies
========================================================== test session starts ==========================================================
platform linux -- Python 3.9.7, pytest-5.4.3, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.9.7', 'Platform': 'Linux-5.14.0-2.el9.x86_64-x86_64-with-glibc2.34', 'Packages': {'pytest': '5.4.3', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.11.0', 'html': '3.1.1', 'libfaketime': '0.1.2', 'flaky': '3.7.0'}}
389-ds-base: 2.0.8-5.el9
nss: 3.67.0-13.el9
nspr: 4.32.0-2.el9
openldap: 2.4.57-8.el9
cyrus-sasl: 2.1.27-17.el9
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests, inifile: pytest.ini
plugins: metadata-1.11.0, html-3.1.1, libfaketime-0.1.2, flaky-3.7.0
collected 1 item                                                                                                                        

dirsrvtests/tests/suites/plugins/attruniq_test.py::test_modrdn_attr_uniqueness PASSED                                             [100%]

========================================================== 1 passed in 16.61s ===========================================================

marking as verified:tested

Comment 14 sgouvern 2021-09-24 09:21:18 UTC

As per comment 9 marking as VERIFIED

Note You need to log in before you can comment on or make changes to this bug.