One more question - should the console allow a value of "0" for uid number and/or gid number?
1) Console should allow an explicit value of "0" for uid and gid number - no warning
2) Console should allow an explicit value of "0" for uid and gid number, and should present a warning dialog to the user
3) Console should prevent a value of "0"
Created attachment 326368
In my [very] humble opinion, #2 is the right thing to do.
However, in general non-numeric entry into a schema defined numeric attribute needs to return an error. As per the RFC, this is to be enforced client-side (i.e. in the console).
(In reply to comment #6)
> In my [very] humble opinion, #2 is the right thing to do.
> However, in general non-numeric entry into a schema defined numeric attribute
> needs to return an error. As per the RFC, this is to be enforced client-side
> (i.e. in the console).
Ok. In general, except for the Advanced... attribute editor, the console is too "big" to enforce this console wide. That's why I focused on uidNumber and gidNumber for this particular problem. I will also fix the Advanced... editor. Are there any other specific fields that need to be fixed?
Ahh, gotcha. In the simple user and group edit dialogs, no, those are the most important. Thanks :)
The Advanced... editor classes (DSEntryPanel and AttributeEditor) don't have any provision for input validation. There are different editors based on attribute name (objectclass,jpegPhoto) and syntax (binary), but there is nothing that will enable/disable the OK button and/or show you visual indication of field status (e.g. as in the Configuration tab panels). It would take a bit of work to add that.
For generic validation based on syntax, there are some problems.
1) Since the DS does disallow non-syntax values, and users may have taken advantage of this, even by editing the value via ldapmodify, you could find yourself in the situation where the Advanced editor does not work for a specific attribute/value
2) For integer fields, would need to have the ability to specify a different range (min, max vals) for each field based on attribute name e.g. uidNumber should disallow negative numbers, and warn for a value of 0 - other fields might allow a value of -1 to mean "unlimited" or something like that
So I'm reluctant to add all of this for 8.1. But, even with the above fix, the user can still go into the Advanced editor and edit uidNumber to a non-integer value.
Created attachment 326445
cvs commit log
Reviewed by: nhosoi (Thanks!)
Fix Description: Fixed for posix uidNumber and gidNumber. Non-numeric or negative values will be rejected. If the user specifies an explicit value of 0, a warning dialog will ask if the user really wants to do this.
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes
fix verified - RHEL 5 DS 8.1
The uidNumber field must have a numeric value.
The gidNumber field must have a numberic value.
The uidNumber field does not have a valid value. (negative number)
The value 0 is for privileged users only.
Assigning this value to a user will give this user privileged access.
Do you really want to use this value?
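Because the thread notes that the Advanced editor and ldapmodify can still write values the fixed dialogs would refuse, an audit over existing entries can apply the same rules (reject non-numeric and negative values, flag an explicit 0) with a per-attribute range. This is an added example, not code from the console or the bug report; the function names, the `exampleQuota` attribute and the sample entries are assumptions constructed for illustration.

```python
import re
from enum import Enum
class Verdict(Enum):
    OK = "ok"
    WARN = "warn"      # allowed only after explicit confirmation
    REJECT = "reject"

# Per-attribute integer policy (lower-cased names). "examplequota" is a
# hypothetical attribute where -1 means "unlimited".
POLICY = {
    "uidnumber": {"min": 0, "confirm": {0}},
    "gidnumber": {"min": 0, "confirm": {0}},
    "examplequota": {"min": -1, "confirm": set()},
}
# ASCII digits only: int() alone would also accept other Unicode digits.
_INT = re.compile(r"-?[0-9]+\Z")

def check_value(attr, raw):
    """Classify one attribute value as (Verdict, reason)."""
    rule = POLICY.get(attr.lower())
    if rule is None:
        return Verdict.OK, "no integer policy for this attribute"
    if not _INT.match(raw):
        return Verdict.REJECT, f"{attr} must have a numeric value"
    value = int(raw)  # "00" and "-0" both normalise to 0
    if value < rule["min"]:
        return Verdict.REJECT, f"{attr} does not have a valid value"
    if value in rule["confirm"]:
        return Verdict.WARN, f"{attr}={value} gives privileged access"
    return Verdict.OK, ""

def audit(entries):
    """Return (dn, attr, raw, verdict, reason) for every value that is not OK."""
    findings = []
    for dn, attrs in entries:
        for attr, values in attrs.items():
            for raw in values:
                verdict, reason = check_value(attr, raw)
                if verdict is not Verdict.OK:
                    findings.append((dn, attr, raw, verdict, reason))
    return findings

# Constructed sample entries, not taken from the bug report.
SAMPLE = [
    ("uid=alice,ou=People,dc=example,dc=com", {"uidNumber": ["1001"], "gidNumber": ["1001"]}),
    ("uid=bob,ou=People,dc=example,dc=com", {"uidNumber": ["0"], "gidNumber": ["100"]}),
    ("uid=carol,ou=People,dc=example,dc=com", {"uidNumber": ["abc"], "gidNumber": ["-5"]}),
    ("uid=dave,ou=People,dc=example,dc=com", {"uidNumber": ["00"], "exampleQuota": ["-1"]}),
]
```

Calling `audit(SAMPLE)` returns four findings: two `WARN` entries for uid 0 (including the `00` spelling) and two `REJECT` entries for the non-numeric and negative values.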
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.