Description of problem: Synchronization of newly created users from AD to DS fails with missing attribute "uidNumber" required by object class "posixAccount". The user is created with organizationalPerson objectClass in AD.
Version-Release number of selected component (if applicable): 389-ds-base-126.96.36.199-2
How reproducible: Consistently
Steps to Reproduce:
1. Install the latest build of 389-ds-base-1.2.11 on RHEL64.
2. Create an instance and configure winsync.
3. Enable Posix Winsync plugin - "cn=Posix Winsync API,cn=plugins,cn=config"
4. Run full sync to create the existing users from DS to AD and vice versa.
5. Create a few posix users on AD with posixAccount objectClass, uidNumber and gidNumber attributes.
6. Check whether the users synced to DS. Successfully created user on DS.
7. Create a normal user without posixAccount (with organizationalPerson) objectClass from AD.
8. Check whether users synced to DS. Failed to create user on DS.
[22/Oct/2012:01:24:20 -0400] - Entry "uid=adadnewadad1,ou=dswinsync,dc=passsync,dc=com" missing attribute "uidNumber" required by object class "posixAccount"
[22/Oct/2012:01:24:20 -0400] - Entry "uid=adadnewadad1,ou=dswinsync,dc=passsync,dc=com" missing attribute "gidNumber" required by object class "posixAccount"
[22/Oct/2012:01:24:20 -0400] NSMMReplicationPlugin - add operation of entry uid=adadnewadad1,ou=dswinsync,dc=passsync,dc=com returned: 65
Winsync should support the normal user synchronization as well.
Additional info: This looks like a regression.
These are the verification steps. Please note that this change is included in 389-ds-base-188.8.131.52-4.el6 or after.
test case 1) add a user entry to AD, which contains required attributes: unixHomeDirectory, uidNumber, gidNumber. The entry is supposed to be synchronized to the DS as a posix entry which includes:
homeDirectory: <home directory>
uidNumber: <uid number>
gidNumber: <gid number>
test case 2) add a user entry to AD, which contains no required attributes, but an allowed attribute, loginShell. The entry is supposed to be synchronized to the DS as an ordinary entry which does not include any posix account related attributes.
test case 3) modify an ordinary entry on AD to add required attributes unixHomeDirectory, uidNumber, gidNumber. The entry on the DS is supposed to become a posix account entry with the above attributes.
test case 4) modify an ordinary entry on AD to add no required attributes, but an allowed attribute loginShell. The modification is supposed to be ignored.
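The four test cases above reduce to one rule: an AD entry becomes a posixAccount entry on the DS only when all of unixHomeDirectory, uidNumber and gidNumber are present. The following Python model is an added illustration of that rule and of the err=65 schema failure in the log; it is not code from 389-ds-base, the function names are hypothetical, and the numeric IDs and paths are constructed sample values.

```python
# Illustrative model of the sync decision; not the Posix Winsync plugin's code.
POSIX_REQUIRED_AD = ("uidNumber", "gidNumber", "unixHomeDirectory")
POSIX_ALLOWED_AD = ("loginShell",)
AD_TO_DS = {"unixHomeDirectory": "homeDirectory"}  # other names are kept as-is
# MUST attributes of posixAccount per RFC 2307
POSIX_MUST_DS = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")
LDAP_OBJECT_CLASS_VIOLATION = 65  # the "returned: 65" in the replication log

def is_posix_candidate(ad_entry):
    """True only when every required posix attribute exists on the AD side."""
    return all(ad_entry.get(a) for a in POSIX_REQUIRED_AD)

def map_to_ds(ad_entry, ds_entry):
    """Return the DS entry an add or modify sync should produce."""
    ds = {k: list(v) for k, v in ds_entry.items()}
    if not is_posix_candidate(ad_entry):
        return ds  # test cases 2 and 4: a lone loginShell is ignored
    if "posixAccount" not in ds.setdefault("objectClass", []):
        ds["objectClass"].append("posixAccount")
    # Assumption: allowed attributes are carried along once the entry qualifies.
    for ad_name in POSIX_REQUIRED_AD + POSIX_ALLOWED_AD:
        if ad_entry.get(ad_name):
            ds[AD_TO_DS.get(ad_name, ad_name)] = list(ad_entry[ad_name])
    return ds

def schema_check(ds_entry):
    """Mimic the server-side check: (LDAP result code, missing MUST attrs)."""
    if "posixAccount" not in ds_entry.get("objectClass", []):
        return 0, []
    missing = [a for a in POSIX_MUST_DS if not ds_entry.get(a)]
    return (LDAP_OBJECT_CLASS_VIOLATION if missing else 0), missing

# Constructed sample data (uid taken from the log in the report)
BASE = {"objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
        "uid": ["adadnewadad1"], "cn": ["adadnewadad1"], "sn": ["adadnewadad1"]}
AD_POSIX = {"uidNumber": ["5001"], "gidNumber": ["5001"],
            "unixHomeDirectory": ["/home/adadnewadad1"], "loginShell": ["/bin/bash"]}
AD_PLAIN = {"loginShell": ["/bin/bash"]}
# The reported failure: posixAccount added without its MUST attributes
BROKEN = dict(BASE, objectClass=BASE["objectClass"] + ["posixAccount"])

if __name__ == "__main__":
    for name, ad in (("posix", AD_POSIX), ("plain", AD_PLAIN)):
        print(name, schema_check(map_to_ds(ad, BASE)))
    print("regression", schema_check(BROKEN))
```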
The above mentioned tests successfully passed after upgrading the 389-ds-base package to 184.108.40.206-4. Hence marking the bug as Verified.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.