891930 – DNA plugin no longer reports additional info when range is depleted

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 891930 - DNA plugin no longer reports additional info when range is depleted

Summary: DNA plugin no longer reports additional info when range is depleted

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	6.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rich Megginson
QA Contact:	Sankar Ramalingam
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	895654
TreeView+	depends on / blocked

Reported:	2013-01-04 14:31 UTC by Martin Kosek
Modified:	2020-09-13 20:21 UTC (History)
CC List:	6 users (show)
Fixed In Version:	389-ds-base-1.2.11.15-9.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-21 08:21:55 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	389ds 389-ds-base issues 549	0	None	closed	DNA plugin no longer reports additional info when range is depleted	2021-02-08 09:51:40 UTC
Red Hat Product Errata	RHSA-2013:0503	0	normal	SHIPPED_LIVE	Moderate: 389-ds-base security, bug fix, and enhancement update	2013-02-21 08:18:44 UTC

Description Martin Kosek 2013-01-04 14:31:44 UTC

Description of problem:

DNS plugin no longer reports additional info when range is depleted.

In RHEL-6.3: 389-ds-base-1.2.10.2-15.el6.x86_64

# ipa user-add --first=Foo --last=Bar fbar10
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed!
Unable to proceed.

Direct ldapadd:
# ldapadd -h localhost -Y GSSAPI
SASL/GSSAPI authentication started
SASL username: admin.BOS.REDHAT.COM
SASL SSF: 56
SASL data security layer installed.
dn: uid=fbar10,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
uid: fbar10
sn: Bar
cn: Foo Bar
homedirectory: /home/fbar10
krbprincipalname: fbar10.BOS.REDHAT.COM
uidnumber: 999
gidnumber: 999
nsaccountlock: False
krbpwdpolicyreference:
cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
objectclass: top
objectclass: person
objectclass: organizationalperson
objectclass: inetorgperson
objectclass: inetuser
objectclass: posixaccount
objectclass: krbprincipalaux
objectclass: krbticketpolicyaux
objectclass: ipaobject
objectclass: ipasshuser
objectclass: ipaSshGroupOfPubKeys
objectclass: mepOriginEntry

adding new entry
"uid=fbar10,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com"
ldap_add: Operations error (1)
	additional info: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed!
Unable to proceed.

<<< Additional info present


In RHEL-6.4: 389-ds-base-1.2.11.15-8.el6.x86_64

# ipa user-add --first=Foo --last=Bar fbar10
ipa: ERROR: Operations error:

Direct ldapadd:
# ldapadd -h localhost -Y GSSAPI
SASL/GSSAPI authentication started
SASL username: admin.BOS.REDHAT.COM
SASL SSF: 56
SASL data security layer installed.
dn: uid=fbar10,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
uid: fbar10
sn: Bar
cn: Foo Bar
homedirectory: /home/fbar10
krbprincipalname: fbar10.BOS.REDHAT.COM
uidnumber: 999
gidnumber: 999
nsaccountlock: False
krbpwdpolicyreference:
cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
objectclass: top
objectclass: person
objectclass: organizationalperson
objectclass: inetorgperson
objectclass: inetuser
objectclass: posixaccount
objectclass: krbprincipalaux
objectclass: krbticketpolicyaux
objectclass: ipaobject
objectclass: ipasshuser
objectclass: ipaSshGroupOfPubKeys
objectclass: mepOriginEntry

adding new entry
"uid=fbar10,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com"
ldap_add: Operations error (1)


Version-Release number of selected component (if applicable):
389-ds-base-1.2.11.15-8.el6.x86_64

How reproducible:


Steps to Reproduce:
1. Install and configure ipa server
2. Add so many users to deplete default configured UID range
3. Add a user when the DNS plugin UID range is depleted
  
Actual results:
Operations Error with no additional info is reported

Expected results:
Operations Error with additional info is reported

Additional info:

Comment 3 Nathan Kinder 2013-01-04 19:37:04 UTC

This regression is caused by a change that was made to have DNA allocate values at backend preop time (as opposed to the regular preop phase).

I have a working patch that I will be sending out for review shortly.

Comment 4 Nathan Kinder 2013-01-04 19:41:05 UTC

Upstream ticket:
https://fedorahosted.org/389/ticket/549

Comment 7 Scott Poore 2013-01-05 02:45:12 UTC

Verified.

Version ::

389-ds-base-1.2.11.15-9.el6.x86_64

Pre Test Setup ::

[root@rhel6-2 install-server-cli]# ipa-server-install --setup-dns --forwarder=$DNSFORWARD  -r $RELM -p $ADMINPW -P $ADMINPW -a $ADMINPW --idstart=5000 --idmax=5010 -U

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Warning: skipping DNS resolution of host rhel6-2.testrelm.com
The domain name has been determined based on the host name.

Using reverse zone 122.168.192.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname:      rhel6-2.testrelm.com
IP address:    192.168.122.62
Domain name:   testrelm.com
Realm name:    TESTRELM.COM

BIND DNS server will be configured to serve IPA domain with:
Forwarders:    192.168.122.1
Reverse zone:  122.168.192.in-addr.arpa.

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server for the CA (pkids): Estimated time 30 seconds
  [1/3]: creating directory server user
  [2/3]: creating directory server instance
  [3/3]: restarting directory server
Done configuring directory server for the CA (pkids).
Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
  [1/21]: creating certificate server user
  [2/21]: creating pki-ca instance
  [3/21]: configuring certificate server instance
  [4/21]: disabling nonces
  [5/21]: creating CA agent PKCS#12 file in /root
  [6/21]: creating RA agent certificate database
  [7/21]: importing CA chain to RA certificate database
  [8/21]: fixing RA database permissions
  [9/21]: setting up signing cert profile
  [10/21]: set up CRL publishing
  [11/21]: set certificate subject base
  [12/21]: enabling Subject Key Identifier
  [13/21]: setting audit signing renewal to 2 years
  [14/21]: configuring certificate server to start on boot
  [15/21]: restarting certificate server
  [16/21]: requesting RA certificate from CA
  [17/21]: issuing RA agent certificate
  [18/21]: adding RA agent as a trusted user
  [19/21]: configure certificate renewals
  [20/21]: configure Server-Cert certificate renewal
  [21/21]: Configure HTTP to proxy connections
Done configuring certificate server (pki-cad).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/38]: creating directory server user
  [2/38]: creating directory server instance
  [3/38]: adding default schema
  [4/38]: enabling memberof plugin
  [5/38]: enabling winsync plugin
  [6/38]: configuring replication version plugin
  [7/38]: enabling IPA enrollment plugin
  [8/38]: enabling ldapi
  [9/38]: disabling betxn plugins
  [10/38]: configuring uniqueness plugin
  [11/38]: configuring uuid plugin
  [12/38]: configuring modrdn plugin
  [13/38]: enabling entryUSN plugin
  [14/38]: configuring lockout plugin
  [15/38]: creating indices
  [16/38]: enabling referential integrity plugin
  [17/38]: configuring ssl for ds instance
  [18/38]: configuring certmap.conf
  [19/38]: configure autobind for root
  [20/38]: configure new location for managed entries
  [21/38]: restarting directory server
  [22/38]: adding default layout
  [23/38]: adding delegation layout
  [24/38]: adding replication acis
  [25/38]: creating container for managed entries
  [26/38]: configuring user private groups
  [27/38]: configuring netgroups from hostgroups
  [28/38]: creating default Sudo bind user
  [29/38]: creating default Auto Member layout
  [30/38]: adding range check plugin
  [31/38]: creating default HBAC rule allow_all
  [32/38]: Upload CA cert to the directory
  [33/38]: initializing group membership
  [34/38]: adding master entry
  [35/38]: configuring Posix uid/gid generation
  [36/38]: enabling compatibility plugin
  [37/38]: tuning directory server
  [38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
  [1/10]: adding sasl mappings to the directory
  [2/10]: adding kerberos container to the directory
  [3/10]: configuring KDC
  [4/10]: initialize kerberos container
  [5/10]: adding default ACIs
  [6/10]: creating a keytab for the directory
  [7/10]: creating a keytab for the machine
  [8/10]: adding the password extension to the directory
  [9/10]: starting the KDC
  [10/10]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
  [1/2]: starting kadmin 
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring ipa_memcached
  [1/2]: starting ipa_memcached 
  [2/2]: configuring ipa_memcached to start on boot
Done configuring ipa_memcached.
Configuring the web interface (httpd): Estimated time 1 minute
  [1/13]: setting mod_nss port to 443
  [2/13]: setting mod_nss password file
  [3/13]: enabling mod_nss renegotiate
  [4/13]: adding URL rewriting rules
  [5/13]: configuring httpd
  [6/13]: setting up ssl
  [7/13]: setting up browser autoconfig
  [8/13]: publish CA cert
  [9/13]: creating a keytab for httpd
  [10/13]: clean up any existing httpd ccache
  [11/13]: configuring SELinux for httpd
  [12/13]: restarting httpd
  [13/13]: configuring httpd to start on boot
Done configuring the web interface (httpd).
Applying LDAP updates
Restarting the directory server
Restarting the KDC
Configuring DNS (named)
  [1/9]: adding DNS container
  [2/9]: setting up our zone
  [3/9]: setting up reverse zone
  [4/9]: setting up our own record
  [5/9]: setting up kerberos principal
  [6/9]: setting up named.conf
  [7/9]: restarting named
  [8/9]: configuring named to start on boot
  [9/9]: changing resolv.conf to point to ourselves
Done configuring DNS (named).

Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files

Restarting the web server
==============================================================================
Setup complete

Next steps:
	1. You must make sure these network ports are open:
		TCP Ports:
		  * 80, 443: HTTP/HTTPS
		  * 389, 636: LDAP/LDAPS
		  * 88, 464: kerberos
		  * 53: bind
		UDP Ports:
		  * 88, 464: kerberos
		  * 53: bind
		  * 123: ntp

	2. You can now obtain a kerberos ticket using the command: 'kinit admin'
	   This ticket will allow you to use the IPA tools (e.g., ipa user-add)
	   and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password

Automated Test Results (manually run) ::


[root@rhel6-2 install-server-cli]# verify_useradd
:: [20:36:05] ::  EXECUTING: ipa user-add --first=TestUser1 --last=TestUser1 TestUser1
----------------------
Added user "testuser1"
----------------------
  User login: testuser1
  First name: TestUser1
  Last name: TestUser1
  Full name: TestUser1 TestUser1
  Display name: TestUser1 TestUser1
  Initials: TT
  Home directory: /home/testuser1
  GECOS field: TestUser1 TestUser1
  Login shell: /bin/sh
  Kerberos principal: testuser1
  Email address: testuser1
  UID: 5001
  GID: 5001
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:09] ::  EXECUTING: ipa user-add --first=TestUser2 --last=TestUser2 TestUser2
----------------------
Added user "testuser2"
----------------------
  User login: testuser2
  First name: TestUser2
  Last name: TestUser2
  Full name: TestUser2 TestUser2
  Display name: TestUser2 TestUser2
  Initials: TT
  Home directory: /home/testuser2
  GECOS field: TestUser2 TestUser2
  Login shell: /bin/sh
  Kerberos principal: testuser2
  Email address: testuser2
  UID: 5003
  GID: 5003
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:10] ::  EXECUTING: ipa user-add --first=TestUser3 --last=TestUser3 TestUser3
----------------------
Added user "testuser3"
----------------------
  User login: testuser3
  First name: TestUser3
  Last name: TestUser3
  Full name: TestUser3 TestUser3
  Display name: TestUser3 TestUser3
  Initials: TT
  Home directory: /home/testuser3
  GECOS field: TestUser3 TestUser3
  Login shell: /bin/sh
  Kerberos principal: testuser3
  Email address: testuser3
  UID: 5004
  GID: 5004
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:11] ::  EXECUTING: ipa user-add --first=TestUser4 --last=TestUser4 TestUser4
----------------------
Added user "testuser4"
----------------------
  User login: testuser4
  First name: TestUser4
  Last name: TestUser4
  Full name: TestUser4 TestUser4
  Display name: TestUser4 TestUser4
  Initials: TT
  Home directory: /home/testuser4
  GECOS field: TestUser4 TestUser4
  Login shell: /bin/sh
  Kerberos principal: testuser4
  Email address: testuser4
  UID: 5005
  GID: 5005
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:12] ::  EXECUTING: ipa user-add --first=TestUser5 --last=TestUser5 TestUser5
----------------------
Added user "testuser5"
----------------------
  User login: testuser5
  First name: TestUser5
  Last name: TestUser5
  Full name: TestUser5 TestUser5
  Display name: TestUser5 TestUser5
  Initials: TT
  Home directory: /home/testuser5
  GECOS field: TestUser5 TestUser5
  Login shell: /bin/sh
  Kerberos principal: testuser5
  Email address: testuser5
  UID: 5006
  GID: 5006
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:13] ::  EXECUTING: ipa user-add --first=TestUser6 --last=TestUser6 TestUser6
----------------------
Added user "testuser6"
----------------------
  User login: testuser6
  First name: TestUser6
  Last name: TestUser6
  Full name: TestUser6 TestUser6
  Display name: TestUser6 TestUser6
  Initials: TT
  Home directory: /home/testuser6
  GECOS field: TestUser6 TestUser6
  Login shell: /bin/sh
  Kerberos principal: testuser6
  Email address: testuser6
  UID: 5007
  GID: 5007
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:15] ::  EXECUTING: ipa user-add --first=TestUser7 --last=TestUser7 TestUser7
----------------------
Added user "testuser7"
----------------------
  User login: testuser7
  First name: TestUser7
  Last name: TestUser7
  Full name: TestUser7 TestUser7
  Display name: TestUser7 TestUser7
  Initials: TT
  Home directory: /home/testuser7
  GECOS field: TestUser7 TestUser7
  Login shell: /bin/sh
  Kerberos principal: testuser7
  Email address: testuser7
  UID: 5008
  GID: 5008
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:16] ::  EXECUTING: ipa user-add --first=TestUser8 --last=TestUser8 TestUser8
----------------------
Added user "testuser8"
----------------------
  User login: testuser8
  First name: TestUser8
  Last name: TestUser8
  Full name: TestUser8 TestUser8
  Display name: TestUser8 TestUser8
  Initials: TT
  Home directory: /home/testuser8
  GECOS field: TestUser8 TestUser8
  Login shell: /bin/sh
  Kerberos principal: testuser8
  Email address: testuser8
  UID: 5009
  GID: 5009
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:17] ::  EXECUTING: ipa user-add --first=TestUser9 --last=TestUser9 TestUser9
----------------------
Added user "testuser9"
----------------------
  User login: testuser9
  First name: TestUser9
  Last name: TestUser9
  Full name: TestUser9 TestUser9
  Display name: TestUser9 TestUser9
  Initials: TT
  Home directory: /home/testuser9
  GECOS field: TestUser9 TestUser9
  Login shell: /bin/sh
  Kerberos principal: testuser9
  Email address: testuser9
  UID: 5010
  GID: 5010
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
-----------------------
Added user "testuser20"
-----------------------
  User login: testuser20
  First name: TestUser20
  Last name: TestUser20
  Full name: TestUser20 TestUser20
  Display name: TestUser20 TestUser20
  Initials: TT
  Home directory: /home/testuser20
  GECOS field: TestUser20 TestUser20
  Login shell: /bin/sh
  Kerberos principal: testuser20
  Email address: testuser20
  UID: 5020
  GID: 5020
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user outside uid range
:: [20:36:19] ::  EXECUTING: ipa user-find --uid=5001
--------------
1 user matched
--------------
  User login: testuser1
  First name: TestUser1
  Last name: TestUser1
  Home directory: /home/testuser1
  Login shell: /bin/sh
  Email address: testuser1
  UID: 5001
  GID: 5001
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5001'
:: [20:36:19] ::  EXECUTING: ipa user-find --uid=5003
--------------
1 user matched
--------------
  User login: testuser2
  First name: TestUser2
  Last name: TestUser2
  Home directory: /home/testuser2
  Login shell: /bin/sh
  Email address: testuser2
  UID: 5003
  GID: 5003
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5003'
:: [20:36:20] ::  EXECUTING: ipa user-find --uid=5004
--------------
1 user matched
--------------
  User login: testuser3
  First name: TestUser3
  Last name: TestUser3
  Home directory: /home/testuser3
  Login shell: /bin/sh
  Email address: testuser3
  UID: 5004
  GID: 5004
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5004'
:: [20:36:21] ::  EXECUTING: ipa user-find --uid=5005
--------------
1 user matched
--------------
  User login: testuser4
  First name: TestUser4
  Last name: TestUser4
  Home directory: /home/testuser4
  Login shell: /bin/sh
  Email address: testuser4
  UID: 5005
  GID: 5005
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5005'
:: [20:36:21] ::  EXECUTING: ipa user-find --uid=5006
--------------
1 user matched
--------------
  User login: testuser5
  First name: TestUser5
  Last name: TestUser5
  Home directory: /home/testuser5
  Login shell: /bin/sh
  Email address: testuser5
  UID: 5006
  GID: 5006
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5006'
:: [20:36:22] ::  EXECUTING: ipa user-find --uid=5007
--------------
1 user matched
--------------
  User login: testuser6
  First name: TestUser6
  Last name: TestUser6
  Home directory: /home/testuser6
  Login shell: /bin/sh
  Email address: testuser6
  UID: 5007
  GID: 5007
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5007'
:: [20:36:22] ::  EXECUTING: ipa user-find --uid=5008
--------------
1 user matched
--------------
  User login: testuser7
  First name: TestUser7
  Last name: TestUser7
  Home directory: /home/testuser7
  Login shell: /bin/sh
  Email address: testuser7
  UID: 5008
  GID: 5008
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5008'
:: [20:36:23] ::  EXECUTING: ipa user-find --uid=5009
--------------
1 user matched
--------------
  User login: testuser8
  First name: TestUser8
  Last name: TestUser8
  Home directory: /home/testuser8
  Login shell: /bin/sh
  Email address: testuser8
  UID: 5009
  GID: 5009
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5009'
:: [20:36:23] ::  EXECUTING: ipa user-find --uid=5010
--------------
1 user matched
--------------
  User login: testuser9
  First name: TestUser9
  Last name: TestUser9
  Home directory: /home/testuser9
  Login shell: /bin/sh
  Email address: testuser9
  UID: 5010
  GID: 5010
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5010'
:: [20:36:24] ::  EXECUTING: ipa group-find --private --gid=5003
---------------
1 group matched
---------------
  Group name: testuser2
  Description: User private group for testuser2
  GID: 5003
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Verifying group with expected gid
:: [20:36:24] ::  EXECUTING: ipa group-find --private --gid=5004
---------------
1 group matched
---------------
  Group name: testuser3
  Description: User private group for testuser3
  GID: 5004
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Verifying group with expected gid
:: [20:36:25] ::  EXECUTING: ipa group-find --private --gid=5005
---------------
1 group matched
---------------
  Group name: testuser4
  Description: User private group for testuser4
  GID: 5005
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Verifying group with expected gid
:: [20:36:26] ::  Executing: ipa user-add --first=TestUser --last=TestUser TestUser
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
:: [20:36:26] ::  "ipa user-add --first=TestUser --last=TestUser TestUser" failed as expected.
:: [   PASS   ] :: Error message as expected: ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
:: [   PASS   ] :: Verify expected error message when adding users after uid range is depleted
:: [   PASS   ] :: BZ 891930 not found

Manual Test Results ::

[root@rhel6-2 install-server-cli]# ipa user-add newtestuser --first=f --last=l
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.

Comment 8 errata-xmlrpc 2013-02-21 08:21:55 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0503.html

Note You need to log in before you can comment on or make changes to this bug.