Bug 798352 - winsync now does not fill gidnumber
winsync now does not fill gidnumber
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa (Show other bugs)
6.3
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Rob Crittenden
IDM QE LIST
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-02-28 12:42 EST by Rob Crittenden
Modified: 2012-06-20 09:19 EDT (History)
3 users (show)

See Also:
Fixed In Version: ipa-2.2.0-5.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 09:19:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rob Crittenden 2012-02-28 12:42:26 EST
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2436

Ticket #2238 changed ipa default user group `ipausers` to non-posix. This, however, conflicts with our winsync synchronization which now creates non-posix IPA users with no GID number. Such users are then also not shown in `ipa user-find` command.

dirsrv error_log reports following errors:
{{{
[root@vm-068 freeipa-stable]# tail -f /var/log/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM/errors
[23/Feb/2012:10:49:49 -0500] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=meTodhcp201-112.englab.pnq.redhat.com" (dhcp201-112:389)". Sent 8 entries.
[23/Feb/2012:10:50:06 -0500] ipa_winsync_config_refresh_domain - [file ipa-winsync-config.c, line 923]: Error: could not find the entry containing the default gidNumber ds subtree [cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com] filter [(cn=ipaConfig)] attr [gidNumber]
[23/Feb/2012:10:50:06 -0500] ipa_winsync_config_refresh_domain - [file ipa-winsync-config.c, line 923]: Error: could not find the entry containing the default gidNumber ds subtree [cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com] filter [(cn=ipaConfig)] attr [gidNumber]
[23/Feb/2012:10:54:39 -0500] ipa_winsync_config_refresh_domain - [file ipa-winsync-config.c, line 923]: Error: could not find the entry containing the default gidNumber ds subtree [cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com] filter [(cn=ipaConfig)] attr [gidNumber]
...
}}}

If ipausers group is made a posix group again, users are created with a GID number. We may want to either make `ipa-replica-manage` to report this situation to user before an agreement is created so that he can make ipausers a posix group or fix ipa-winsync plugin to not require this GID since AD users have private groups by default.

This ticket may be connected with #2324.
Comment 4 Martin Kosek 2012-04-24 09:30:28 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 5 Steeve Goveas 2012-04-25 10:01:26 EDT
default behavior :: user synced, UPG created and user's GID number set to UPG GID which should be the same as their UID and user is not added ipausers group

[root@primenova ~]# ipa user-find steeve
---------------
2 users matched
---------------
  User login: steeve
  First name: steeve
  Last name: ad
  Home directory: /home/steeve
  Login shell: /bin/sh
  UID: 1084800079
  GID: 1084800079
  Account disabled: False
  Password: True
  Kerberos keys available: True

  User login: steeve2
  First name: steeve2
  Last name: ads
  Home directory: /home/steeve2
  Login shell: /bin/sh
  UID: 1084800166
  GID: 1084800166
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 2
----------------------------
[root@primenova ~]#


[root@primenova ~]# ipa-managed-entries -e "UPG Definition" status
Plugin Enabled
[root@primenova ~]#

[root@primenova ~]# ipa group-find ipausers
---------------
1 group matched
---------------
  Group name: ipausers
  Description: Default group for all users
  Member users: shanksipa
----------------------------
Number of entries returned 1
----------------------------
[root@primenova ~]#

Verified in version ipa-server-2.2.0-11.el6.x86_64
Comment 7 errata-xmlrpc 2012-06-20 09:19:55 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html

Note You need to log in before you can comment on or make changes to this bug.