Hide Forgot
Description of problem: user-mod --rename is successful for more than 32 characters. Version-Release number of selected component (if applicable): ipa-server-2.2.0-4.el6.x86_64 How reproducible: Steps to Reproduce: 1.# ipa user-mod --rename=max32charactersmax32charactersmax sup34 --------------------- Modified user "sup34" --------------------- User login: max32charactersmax32charactersmax First name: Superuser Last name: crazylastnametoolong Home directory: /home2/sup34 Login shell: /bin/sh Email address: sup34.domain.co.uk.us.fi.com UID: 243400008 GID: 243400008 Telephone Number: 9999999999 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False # ipa user-mod --rename=max32charactersmax32charactersmax123456789 max32charactersmax32charactersmax ------------------------------------------------- Modified user "max32charactersmax32charactersmax" ------------------------------------------------- User login: max32charactersmax32charactersmax123456789 First name: Superuser Last name: crazylastnametoolong Home directory: /home2/sup34 Login shell: /bin/sh Email address: sup34.domain.co.uk.us.fi.com UID: 243400008 GID: 243400008 Telephone Number: 9999999999 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False Observed that user-add does not allow more than 32 characters: # ipa user-add max32charactersmax32charactersmax First name: superuser Last name: crazylastname2 ipa: ERROR: invalid 'login': can be at most 32 characters Actual results: user-mod --rename allows login name with more than 32 characters. Expected results: user-mod --rename login name should be at most 32 characters. Should throw error if there is more than 32 characters. Additional info:
Yes, this is a bug, we don't apply validation on --rename option. I will open a bug.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2587
fixed upstream master: dcea80fc1700aff5a87e3f3bff442e80455243a0 ipa-2-2: 9e2ee3ecb5489e2393763857e50485aa588872e9
FailedQA : Error message when try to rename a user with more than 32 characters is inconsistent with the other error messages for rename (example: ipa: ERROR: invalid 'rename': may only include letters, numbers, _, -, . and $). GOT: ipa: ERROR: invalid 'login': can be at most 32 characters EXPECTED: ipa: ERROR: invalid 'rename': can be at most 32 characters :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa-user-cli-mod-057: Rename user with a string of 33 characters (more than allowed) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Executing: ipa user-mod --rename=max32charactersmax32charactersmax max32charactersmax32charactersma :: [ LOG ] :: "ipa user-mod --rename=max32charactersmax32charactersmax max32charactersmax32charactersma" failed as expected. :: [ FAIL ] :: ERROR: Message not as expected. GOT: ipa: ERROR: invalid 'login': can be at most 32 characters EXP: ipa: ERROR: invalid 'rename': can be at most 32 characters :: [ FAIL ] :: Verify expected error message for --rename=max32charactersmax32charactersmax (Expected 0, got 1) :: [ FAIL ] :: Renaming user to max32charactersmax32charactersma (Expected 0, got 2) :: [ LOG ] :: Duration: 19s :: [ LOG ] :: Assertions: 0 good, 3 bad :: [ FAIL ] :: RESULT: ipa-user-cli-mod-057: Rename user with a string of 33 characters (more than allowed)
I think the expected error is incorrect. There is no rename attribute, this is saying that the new login attribute is too long.
Corrected the expected message in automation script to be "ipa: ERROR: invalid 'login': can be at most 32 characters". Version :: ipa-server.x86_64 0:2.2.0-9.el6 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa-user-cli-mod-057: Rename user with a string of 33 characters (more than allowed) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Executing: ipa user-mod --rename=max32charactersmax32charactersmax max32charactersmax32charactersma :: [ LOG ] :: "ipa user-mod --rename=max32charactersmax32charactersmax max32charactersmax32charactersma" failed as expected. :: [ PASS ] :: Error message as expected: ipa: ERROR: invalid 'login': can be at most 32 characters :: [ PASS ] :: Verify expected error message for --rename=max32charactersmax32charactersmax :: [ LOG ] :: Duration: 7s :: [ LOG ] :: Assertions: 2 good, 0 bad :: [ PASS ] :: RESULT: ipa-user-cli-mod-057: Rename user with a string of 33 characters (more than allowed) Marking bug verified.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html