Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2000420

Summary: Not able to preserve users using "ipa user-del --preserve"
Product: Red Hat Enterprise Linux 9 Reporter: Varun Mylaraiah <mvarun>
Component: 389-ds-baseAssignee: Simon Pichugin <spichugi>
Status: CLOSED CURRENTRELEASE QA Contact: RHDS QE <ds-qe-bugs>
Severity: high Docs Contact:
Priority: urgent    
Version: 9.0CC: ldap-maint, lmiksik, mreynolds, rcritten, sgouvern, spichugi, tbordaz, tscherf
Target Milestone: rcKeywords: Regression, Triaged
Target Release: 9.0 BetaFlags: pm-rhel: mirror+
Hardware: x86_64   
OS: Linux   
Whiteboard: sync-to-jira
Fixed In Version: 389-ds-base-2.0.8-6.el9_b Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2005028 2011397 (view as bug list) Environment:
Last Closed: 2021-12-07 21:24:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2005028, 2011397    

Description Varun Mylaraiah 2021-09-02 06:38:41 UTC 
Description of problem:
In Rhel 9.0 Beta, not able to delete and preserve users using "ipa user-del --preserve"

Version-Release number of selected component (if applicable):
ipa-server-4.9.6-6.el9.x86_64

How reproducible:
Always

Steps to Reproduce:

[root@master ~]# ipa user-add testuser9-beta
First name: rhel
Last name: 9-beta
---------------------------
Added user "testuser9-beta"
---------------------------
  User login: testuser9-beta
  First name: rhel
  Last name: 9-beta
  Full name: rhel 9-beta
  Display name: rhel 9-beta
  Initials: r9
  Home directory: /home/testuser9-beta
  GECOS: rhel 9-beta
  Login shell: /bin/sh
  Principal name: testuser9-beta
  Principal alias: testuser9-beta
  Email address: testuser9-beta
  UID: 565200021
  GID: 565200021
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

[root@master ~]# ipa user-del testuser9-beta --preserve
ipa: ERROR: This entry already exists

[root@master ~]# ipa user-show testuser9-beta
  User login: testuser9-beta
  First name: rhel
  Last name: 9-beta
  Home directory: /home/testuser9-beta
  Login shell: /bin/sh
  Principal name: testuser9-beta
  Principal alias: testuser9-beta
  Email address: testuser9-beta
  UID: 565200021
  GID: 565200021
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False


Actual results:
[root@master ~]# ipa user-del testuser9-beta --preserve
ipa: ERROR: This entry already exists

Expected results:
Users should delete and preserve for future use.


Additional info:
in RHEL8.5
==========
[root@master ~]# ipa user-add testuser85
First name: rhel
Last name: 85
-----------------------
Added user "testuser85"
-----------------------
  User login: testuser85
  First name: rhel
  Last name: 85
  Full name: rhel 85
  Display name: rhel 85
  Initials: r8
  Home directory: /home/testuser85
  GECOS: rhel 85
  Login shell: /bin/sh
  Principal name: testuser85
  Principal alias: testuser85
  Email address: testuser85
  UID: 60000007
  GID: 60000007
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False


[root@master ~]# ipa user-del testuser85 --preserve
-------------------------
Deleted user "testuser85"
-------------------------


[root@master ~]# ipa user-show testuser85
  User login: testuser85
  First name: rhel
  Last name: 85
  Home directory: /home/testuser85
  Login shell: /bin/sh
  Principal name: testuser85
  Principal alias: testuser85
  Email address: testuser85
  UID: 60000007
  GID: 60000007
  Account disabled: True
  Preserved user: True
  Password: False
  Kerberos keys available: False
Comment 1 Florence Blanc-Renaud 2021-09-02 06:42:49 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/8976
Comment 2 Florence Blanc-Renaud 2021-09-02 06:46:06 UTC 
The issue was also seen upstream, since the release of 389-ds-base 2.0.8.
Additional information in the 389ds github ticket https://github.com/389ds/389-ds-base/issues/4894

The problem seems related to attribute uniqueness plugin. Moving the issue to 389-ds component
Comment 9 sgouvern 2021-09-21 13:42:22 UTC 
With 389-ds-base-2.0.8-5.el9.x86_64

# PYTHONPATH=src/lib389 py.test -v dirsrvtests/tests/suites/plugins/attruniq_test.py 
re-exec with libfaketime dependencies
========================================================== test session starts ==========================================================
platform linux -- Python 3.9.7, pytest-5.4.3, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.9.7', 'Platform': 'Linux-5.14.0-2.el9.x86_64-x86_64-with-glibc2.34', 'Packages': {'pytest': '5.4.3', 'py': '1.10.0', 'pluggy': '0.13.1'}, 'Plugins': {'metadata': '1.11.0', 'html': '3.1.1', 'libfaketime': '0.1.2', 'flaky': '3.7.0'}}
389-ds-base: 2.0.8-5.el9
nss: 3.67.0-13.el9
nspr: 4.32.0-2.el9
openldap: 2.4.57-8.el9
cyrus-sasl: 2.1.27-17.el9
FIPS: disabled
rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests, inifile: pytest.ini
plugins: metadata-1.11.0, html-3.1.1, libfaketime-0.1.2, flaky-3.7.0
collected 1 item                                                                                                                        

dirsrvtests/tests/suites/plugins/attruniq_test.py::test_modrdn_attr_uniqueness PASSED                                             [100%]

========================================================== 1 passed in 16.61s ===========================================================

marking as verified:tested
Comment 14 sgouvern 2021-09-24 09:21:18 UTC 
As per comment 9 marking as VERIFIED