RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Description of problem:

In RHEL6 it was possible to combine 'files' and 'ldap' modules in libuser configuration, in RHEL7 is is no longer possible and this change is also not documented in libuser.conf man page.

Version-Release number of selected component (if applicable):

libuser-0.57.6-1.el7

How reproducible:

100%

Steps to Reproduce:

1. Configure libuser as follows (libuser.conf):

login_defs = /etc/login.defs
default_useradd = /etc/default/useradd

[defaults]

crypt_style = md5
create_modules = files shadow ldap
modules = files shadow ldap

[userdefaults]
LU_USERNAME = %n
LU_GIDNUMBER = %u

[groupdefaults]
LU_GROUPNAME = %n

[files]

[shadow]

[ldap]
server = ldap://127.0.0.1
basedn = dc=foo,dc=bar,dc=com
binddn = cn=Manager,dc=foo,dc=bar,dc=com
password = x
bindtype = simple

[sasl]

2. Optionally configure LDAP in the aforementioned configuration.

3. lid ldapuser
  
Actual results:

Error initializing libuser: the `files' and `ldap' modules can not be combined.

Expected results:

ldapgroup(gid=20001) [e.g.]

Additional info:

Thanks for your report.

This was an intentional change in libuser-0.57, to resolve bug #643227.  The semantics of the "encrypted password" field differs between /etc/shadow and LDAP, and libuser's architecture cannot cope with this without non-trivial changes, so disabling the combination of the two modules was considered the cleanest solution.  Yes, it removes a feature, however one that I don't think is used very frequently.

Do you know of a case where the module combination is needed?  Looking at the referenced test case, it seems that it could be modified not to combine the files/shadow and ldap modules.