Description of problem: When creating an account on an machine that is an LDAP slave, smbldap-adduser tries to set the user's home directory permissions before the account info has replicated back from the master LDAP server to the slave. This results in a silent failure to set the user's directory permissions (because stderr has been redirected to /dev/null). User's directory permissions must be set manually afterwards to ensure proper operation. Version-Release number of selected component (if applicable): smbldap-tools-0.9.4-1.fc8 How reproducible: Always Steps to Reproduce: 1. Run: smbldap-adduser -a -m -N Joe -S User -P joeuser 2. ls -la /home/joeuser Actual results: User's home directory permissions not set Expected results: User's home directory permissions set correctly Additional info: Using openldap-2.3.39-3.fc8 on slave, openldap-2.2.29-1.FC4 on master.
Created attachment 306276 [details] Patch for smbldap-useradd on smbldap-tools-0.9.4-1.fc8 Patch to make smbldap-useradd wait until "id username" responds with something other than "No such user". No idea if "id" is the tool best suited for this task, but it Works For Me(tm).
Created attachment 306484 [details] Alternative patch that avoids the wait Here's my alternative suggestion. Instead of waiting for the username to become visible in LDAP, set the ownership of the home directory by UID instead of name. This way, chown doesn't need to do the name-to-UID mapping and so there's no need to check for LDAP replication having happened.
Just note from your friendly bug triager -- I think, that the correct status of this bug according to https://fedoraproject.org/wiki/BugZappers/BugStatusWorkFlow is ASSIGNED. Please, correct this bug to the right state, if I am wrong.
smbldap-tools-0.9.5-2 packages including my alternative patch (and also proposed fixes for Bug #441833 and Bug #430105) can be found here: http://mirror.city-fan.org/ftp/contrib/sysutils/ I'd appreciate some feedback before I issue these as official Fedora updates.
Paul, Sorry for the late response. Your alternative patch worked well for me. Thanks!
smbldap-tools-0.9.5-2.fc8 has been submitted as an update for Fedora 8
smbldap-tools-0.9.5-2.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update smbldap-tools'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-6199
This update is now in the main Fedora 8 updates repository.