Bug 891930 - DNA plugin no longer reports additional info when range is depleted
DNA plugin no longer reports additional info when range is depleted
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
6.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Rich Megginson
Sankar Ramalingam
: Regression
Depends On:
Blocks: 895654
  Show dependency treegraph
 
Reported: 2013-01-04 09:31 EST by Martin Kosek
Modified: 2015-05-12 06:54 EDT (History)
6 users (show)

See Also:
Fixed In Version: 389-ds-base-1.2.11.15-9.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 03:21:55 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Martin Kosek 2013-01-04 09:31:44 EST
Description of problem:

DNS plugin no longer reports additional info when range is depleted.

In RHEL-6.3: 389-ds-base-1.2.10.2-15.el6.x86_64

# ipa user-add --first=Foo --last=Bar fbar10
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed!
Unable to proceed.

Direct ldapadd:
# ldapadd -h localhost -Y GSSAPI
SASL/GSSAPI authentication started
SASL username: admin@IDM.LAB.BOS.REDHAT.COM
SASL SSF: 56
SASL data security layer installed.
dn: uid=fbar10,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
uid: fbar10
sn: Bar
cn: Foo Bar
homedirectory: /home/fbar10
krbprincipalname: fbar10@IDM.LAB.BOS.REDHAT.COM
uidnumber: 999
gidnumber: 999
nsaccountlock: False
krbpwdpolicyreference:
cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
objectclass: top
objectclass: person
objectclass: organizationalperson
objectclass: inetorgperson
objectclass: inetuser
objectclass: posixaccount
objectclass: krbprincipalaux
objectclass: krbticketpolicyaux
objectclass: ipaobject
objectclass: ipasshuser
objectclass: ipaSshGroupOfPubKeys
objectclass: mepOriginEntry

adding new entry
"uid=fbar10,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com"
ldap_add: Operations error (1)
	additional info: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed!
Unable to proceed.

<<< Additional info present


In RHEL-6.4: 389-ds-base-1.2.11.15-8.el6.x86_64

# ipa user-add --first=Foo --last=Bar fbar10
ipa: ERROR: Operations error:

Direct ldapadd:
# ldapadd -h localhost -Y GSSAPI
SASL/GSSAPI authentication started
SASL username: admin@IDM.LAB.BOS.REDHAT.COM
SASL SSF: 56
SASL data security layer installed.
dn: uid=fbar10,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
uid: fbar10
sn: Bar
cn: Foo Bar
homedirectory: /home/fbar10
krbprincipalname: fbar10@IDM.LAB.BOS.REDHAT.COM
uidnumber: 999
gidnumber: 999
nsaccountlock: False
krbpwdpolicyreference:
cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
objectclass: top
objectclass: person
objectclass: organizationalperson
objectclass: inetorgperson
objectclass: inetuser
objectclass: posixaccount
objectclass: krbprincipalaux
objectclass: krbticketpolicyaux
objectclass: ipaobject
objectclass: ipasshuser
objectclass: ipaSshGroupOfPubKeys
objectclass: mepOriginEntry

adding new entry
"uid=fbar10,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com"
ldap_add: Operations error (1)


Version-Release number of selected component (if applicable):
389-ds-base-1.2.11.15-8.el6.x86_64

How reproducible:


Steps to Reproduce:
1. Install and configure ipa server
2. Add so many users to deplete default configured UID range
3. Add a user when the DNS plugin UID range is depleted
  
Actual results:
Operations Error with no additional info is reported

Expected results:
Operations Error with additional info is reported

Additional info:
Comment 3 Nathan Kinder 2013-01-04 14:37:04 EST
This regression is caused by a change that was made to have DNA allocate values at backend preop time (as opposed to the regular preop phase).

I have a working patch that I will be sending out for review shortly.
Comment 4 Nathan Kinder 2013-01-04 14:41:05 EST
Upstream ticket:
https://fedorahosted.org/389/ticket/549
Comment 7 Scott Poore 2013-01-04 21:45:12 EST
Verified.

Version ::

389-ds-base-1.2.11.15-9.el6.x86_64

Pre Test Setup ::

[root@rhel6-2 install-server-cli]# ipa-server-install --setup-dns --forwarder=$DNSFORWARD  -r $RELM -p $ADMINPW -P $ADMINPW -a $ADMINPW --idstart=5000 --idmax=5010 -U

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Warning: skipping DNS resolution of host rhel6-2.testrelm.com
The domain name has been determined based on the host name.

Using reverse zone 122.168.192.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname:      rhel6-2.testrelm.com
IP address:    192.168.122.62
Domain name:   testrelm.com
Realm name:    TESTRELM.COM

BIND DNS server will be configured to serve IPA domain with:
Forwarders:    192.168.122.1
Reverse zone:  122.168.192.in-addr.arpa.

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server for the CA (pkids): Estimated time 30 seconds
  [1/3]: creating directory server user
  [2/3]: creating directory server instance
  [3/3]: restarting directory server
Done configuring directory server for the CA (pkids).
Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
  [1/21]: creating certificate server user
  [2/21]: creating pki-ca instance
  [3/21]: configuring certificate server instance
  [4/21]: disabling nonces
  [5/21]: creating CA agent PKCS#12 file in /root
  [6/21]: creating RA agent certificate database
  [7/21]: importing CA chain to RA certificate database
  [8/21]: fixing RA database permissions
  [9/21]: setting up signing cert profile
  [10/21]: set up CRL publishing
  [11/21]: set certificate subject base
  [12/21]: enabling Subject Key Identifier
  [13/21]: setting audit signing renewal to 2 years
  [14/21]: configuring certificate server to start on boot
  [15/21]: restarting certificate server
  [16/21]: requesting RA certificate from CA
  [17/21]: issuing RA agent certificate
  [18/21]: adding RA agent as a trusted user
  [19/21]: configure certificate renewals
  [20/21]: configure Server-Cert certificate renewal
  [21/21]: Configure HTTP to proxy connections
Done configuring certificate server (pki-cad).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/38]: creating directory server user
  [2/38]: creating directory server instance
  [3/38]: adding default schema
  [4/38]: enabling memberof plugin
  [5/38]: enabling winsync plugin
  [6/38]: configuring replication version plugin
  [7/38]: enabling IPA enrollment plugin
  [8/38]: enabling ldapi
  [9/38]: disabling betxn plugins
  [10/38]: configuring uniqueness plugin
  [11/38]: configuring uuid plugin
  [12/38]: configuring modrdn plugin
  [13/38]: enabling entryUSN plugin
  [14/38]: configuring lockout plugin
  [15/38]: creating indices
  [16/38]: enabling referential integrity plugin
  [17/38]: configuring ssl for ds instance
  [18/38]: configuring certmap.conf
  [19/38]: configure autobind for root
  [20/38]: configure new location for managed entries
  [21/38]: restarting directory server
  [22/38]: adding default layout
  [23/38]: adding delegation layout
  [24/38]: adding replication acis
  [25/38]: creating container for managed entries
  [26/38]: configuring user private groups
  [27/38]: configuring netgroups from hostgroups
  [28/38]: creating default Sudo bind user
  [29/38]: creating default Auto Member layout
  [30/38]: adding range check plugin
  [31/38]: creating default HBAC rule allow_all
  [32/38]: Upload CA cert to the directory
  [33/38]: initializing group membership
  [34/38]: adding master entry
  [35/38]: configuring Posix uid/gid generation
  [36/38]: enabling compatibility plugin
  [37/38]: tuning directory server
  [38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
  [1/10]: adding sasl mappings to the directory
  [2/10]: adding kerberos container to the directory
  [3/10]: configuring KDC
  [4/10]: initialize kerberos container
  [5/10]: adding default ACIs
  [6/10]: creating a keytab for the directory
  [7/10]: creating a keytab for the machine
  [8/10]: adding the password extension to the directory
  [9/10]: starting the KDC
  [10/10]: configuring KDC to start on boot
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
  [1/2]: starting kadmin 
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring ipa_memcached
  [1/2]: starting ipa_memcached 
  [2/2]: configuring ipa_memcached to start on boot
Done configuring ipa_memcached.
Configuring the web interface (httpd): Estimated time 1 minute
  [1/13]: setting mod_nss port to 443
  [2/13]: setting mod_nss password file
  [3/13]: enabling mod_nss renegotiate
  [4/13]: adding URL rewriting rules
  [5/13]: configuring httpd
  [6/13]: setting up ssl
  [7/13]: setting up browser autoconfig
  [8/13]: publish CA cert
  [9/13]: creating a keytab for httpd
  [10/13]: clean up any existing httpd ccache
  [11/13]: configuring SELinux for httpd
  [12/13]: restarting httpd
  [13/13]: configuring httpd to start on boot
Done configuring the web interface (httpd).
Applying LDAP updates
Restarting the directory server
Restarting the KDC
Configuring DNS (named)
  [1/9]: adding DNS container
  [2/9]: setting up our zone
  [3/9]: setting up reverse zone
  [4/9]: setting up our own record
  [5/9]: setting up kerberos principal
  [6/9]: setting up named.conf
  [7/9]: restarting named
  [8/9]: configuring named to start on boot
  [9/9]: changing resolv.conf to point to ourselves
Done configuring DNS (named).

Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files

Restarting the web server
==============================================================================
Setup complete

Next steps:
	1. You must make sure these network ports are open:
		TCP Ports:
		  * 80, 443: HTTP/HTTPS
		  * 389, 636: LDAP/LDAPS
		  * 88, 464: kerberos
		  * 53: bind
		UDP Ports:
		  * 88, 464: kerberos
		  * 53: bind
		  * 123: ntp

	2. You can now obtain a kerberos ticket using the command: 'kinit admin'
	   This ticket will allow you to use the IPA tools (e.g., ipa user-add)
	   and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password

Automated Test Results (manually run) ::


[root@rhel6-2 install-server-cli]# verify_useradd
:: [20:36:05] ::  EXECUTING: ipa user-add --first=TestUser1 --last=TestUser1 TestUser1
----------------------
Added user "testuser1"
----------------------
  User login: testuser1
  First name: TestUser1
  Last name: TestUser1
  Full name: TestUser1 TestUser1
  Display name: TestUser1 TestUser1
  Initials: TT
  Home directory: /home/testuser1
  GECOS field: TestUser1 TestUser1
  Login shell: /bin/sh
  Kerberos principal: testuser1@TESTRELM.COM
  Email address: testuser1@testrelm.com
  UID: 5001
  GID: 5001
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:09] ::  EXECUTING: ipa user-add --first=TestUser2 --last=TestUser2 TestUser2
----------------------
Added user "testuser2"
----------------------
  User login: testuser2
  First name: TestUser2
  Last name: TestUser2
  Full name: TestUser2 TestUser2
  Display name: TestUser2 TestUser2
  Initials: TT
  Home directory: /home/testuser2
  GECOS field: TestUser2 TestUser2
  Login shell: /bin/sh
  Kerberos principal: testuser2@TESTRELM.COM
  Email address: testuser2@testrelm.com
  UID: 5003
  GID: 5003
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:10] ::  EXECUTING: ipa user-add --first=TestUser3 --last=TestUser3 TestUser3
----------------------
Added user "testuser3"
----------------------
  User login: testuser3
  First name: TestUser3
  Last name: TestUser3
  Full name: TestUser3 TestUser3
  Display name: TestUser3 TestUser3
  Initials: TT
  Home directory: /home/testuser3
  GECOS field: TestUser3 TestUser3
  Login shell: /bin/sh
  Kerberos principal: testuser3@TESTRELM.COM
  Email address: testuser3@testrelm.com
  UID: 5004
  GID: 5004
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:11] ::  EXECUTING: ipa user-add --first=TestUser4 --last=TestUser4 TestUser4
----------------------
Added user "testuser4"
----------------------
  User login: testuser4
  First name: TestUser4
  Last name: TestUser4
  Full name: TestUser4 TestUser4
  Display name: TestUser4 TestUser4
  Initials: TT
  Home directory: /home/testuser4
  GECOS field: TestUser4 TestUser4
  Login shell: /bin/sh
  Kerberos principal: testuser4@TESTRELM.COM
  Email address: testuser4@testrelm.com
  UID: 5005
  GID: 5005
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:12] ::  EXECUTING: ipa user-add --first=TestUser5 --last=TestUser5 TestUser5
----------------------
Added user "testuser5"
----------------------
  User login: testuser5
  First name: TestUser5
  Last name: TestUser5
  Full name: TestUser5 TestUser5
  Display name: TestUser5 TestUser5
  Initials: TT
  Home directory: /home/testuser5
  GECOS field: TestUser5 TestUser5
  Login shell: /bin/sh
  Kerberos principal: testuser5@TESTRELM.COM
  Email address: testuser5@testrelm.com
  UID: 5006
  GID: 5006
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:13] ::  EXECUTING: ipa user-add --first=TestUser6 --last=TestUser6 TestUser6
----------------------
Added user "testuser6"
----------------------
  User login: testuser6
  First name: TestUser6
  Last name: TestUser6
  Full name: TestUser6 TestUser6
  Display name: TestUser6 TestUser6
  Initials: TT
  Home directory: /home/testuser6
  GECOS field: TestUser6 TestUser6
  Login shell: /bin/sh
  Kerberos principal: testuser6@TESTRELM.COM
  Email address: testuser6@testrelm.com
  UID: 5007
  GID: 5007
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:15] ::  EXECUTING: ipa user-add --first=TestUser7 --last=TestUser7 TestUser7
----------------------
Added user "testuser7"
----------------------
  User login: testuser7
  First name: TestUser7
  Last name: TestUser7
  Full name: TestUser7 TestUser7
  Display name: TestUser7 TestUser7
  Initials: TT
  Home directory: /home/testuser7
  GECOS field: TestUser7 TestUser7
  Login shell: /bin/sh
  Kerberos principal: testuser7@TESTRELM.COM
  Email address: testuser7@testrelm.com
  UID: 5008
  GID: 5008
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:16] ::  EXECUTING: ipa user-add --first=TestUser8 --last=TestUser8 TestUser8
----------------------
Added user "testuser8"
----------------------
  User login: testuser8
  First name: TestUser8
  Last name: TestUser8
  Full name: TestUser8 TestUser8
  Display name: TestUser8 TestUser8
  Initials: TT
  Home directory: /home/testuser8
  GECOS field: TestUser8 TestUser8
  Login shell: /bin/sh
  Kerberos principal: testuser8@TESTRELM.COM
  Email address: testuser8@testrelm.com
  UID: 5009
  GID: 5009
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
:: [20:36:17] ::  EXECUTING: ipa user-add --first=TestUser9 --last=TestUser9 TestUser9
----------------------
Added user "testuser9"
----------------------
  User login: testuser9
  First name: TestUser9
  Last name: TestUser9
  Full name: TestUser9 TestUser9
  Display name: TestUser9 TestUser9
  Initials: TT
  Home directory: /home/testuser9
  GECOS field: TestUser9 TestUser9
  Login shell: /bin/sh
  Kerberos principal: testuser9@TESTRELM.COM
  Email address: testuser9@testrelm.com
  UID: 5010
  GID: 5010
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user within given uid range
-----------------------
Added user "testuser20"
-----------------------
  User login: testuser20
  First name: TestUser20
  Last name: TestUser20
  Full name: TestUser20 TestUser20
  Display name: TestUser20 TestUser20
  Initials: TT
  Home directory: /home/testuser20
  GECOS field: TestUser20 TestUser20
  Login shell: /bin/sh
  Kerberos principal: testuser20@TESTRELM.COM
  Email address: testuser20@testrelm.com
  UID: 5020
  GID: 5020
  Password: False
  Kerberos keys available: False
:: [   PASS   ] ::  Added new user outside uid range
:: [20:36:19] ::  EXECUTING: ipa user-find --uid=5001
--------------
1 user matched
--------------
  User login: testuser1
  First name: TestUser1
  Last name: TestUser1
  Home directory: /home/testuser1
  Login shell: /bin/sh
  Email address: testuser1@testrelm.com
  UID: 5001
  GID: 5001
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5001'
:: [20:36:19] ::  EXECUTING: ipa user-find --uid=5003
--------------
1 user matched
--------------
  User login: testuser2
  First name: TestUser2
  Last name: TestUser2
  Home directory: /home/testuser2
  Login shell: /bin/sh
  Email address: testuser2@testrelm.com
  UID: 5003
  GID: 5003
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5003'
:: [20:36:20] ::  EXECUTING: ipa user-find --uid=5004
--------------
1 user matched
--------------
  User login: testuser3
  First name: TestUser3
  Last name: TestUser3
  Home directory: /home/testuser3
  Login shell: /bin/sh
  Email address: testuser3@testrelm.com
  UID: 5004
  GID: 5004
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5004'
:: [20:36:21] ::  EXECUTING: ipa user-find --uid=5005
--------------
1 user matched
--------------
  User login: testuser4
  First name: TestUser4
  Last name: TestUser4
  Home directory: /home/testuser4
  Login shell: /bin/sh
  Email address: testuser4@testrelm.com
  UID: 5005
  GID: 5005
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5005'
:: [20:36:21] ::  EXECUTING: ipa user-find --uid=5006
--------------
1 user matched
--------------
  User login: testuser5
  First name: TestUser5
  Last name: TestUser5
  Home directory: /home/testuser5
  Login shell: /bin/sh
  Email address: testuser5@testrelm.com
  UID: 5006
  GID: 5006
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5006'
:: [20:36:22] ::  EXECUTING: ipa user-find --uid=5007
--------------
1 user matched
--------------
  User login: testuser6
  First name: TestUser6
  Last name: TestUser6
  Home directory: /home/testuser6
  Login shell: /bin/sh
  Email address: testuser6@testrelm.com
  UID: 5007
  GID: 5007
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5007'
:: [20:36:22] ::  EXECUTING: ipa user-find --uid=5008
--------------
1 user matched
--------------
  User login: testuser7
  First name: TestUser7
  Last name: TestUser7
  Home directory: /home/testuser7
  Login shell: /bin/sh
  Email address: testuser7@testrelm.com
  UID: 5008
  GID: 5008
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5008'
:: [20:36:23] ::  EXECUTING: ipa user-find --uid=5009
--------------
1 user matched
--------------
  User login: testuser8
  First name: TestUser8
  Last name: TestUser8
  Home directory: /home/testuser8
  Login shell: /bin/sh
  Email address: testuser8@testrelm.com
  UID: 5009
  GID: 5009
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5009'
:: [20:36:23] ::  EXECUTING: ipa user-find --uid=5010
--------------
1 user matched
--------------
  User login: testuser9
  First name: TestUser9
  Last name: TestUser9
  Home directory: /home/testuser9
  Login shell: /bin/sh
  Email address: testuser9@testrelm.com
  UID: 5010
  GID: 5010
  Account disabled: False
  Password: False
  Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Running 'ipa user-find --uid=5010'
:: [20:36:24] ::  EXECUTING: ipa group-find --private --gid=5003
---------------
1 group matched
---------------
  Group name: testuser2
  Description: User private group for testuser2
  GID: 5003
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Verifying group with expected gid
:: [20:36:24] ::  EXECUTING: ipa group-find --private --gid=5004
---------------
1 group matched
---------------
  Group name: testuser3
  Description: User private group for testuser3
  GID: 5004
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Verifying group with expected gid
:: [20:36:25] ::  EXECUTING: ipa group-find --private --gid=5005
---------------
1 group matched
---------------
  Group name: testuser4
  Description: User private group for testuser4
  GID: 5005
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Verifying group with expected gid
:: [20:36:26] ::  Executing: ipa user-add --first=TestUser --last=TestUser TestUser
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
:: [20:36:26] ::  "ipa user-add --first=TestUser --last=TestUser TestUser" failed as expected.
:: [   PASS   ] :: Error message as expected: ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
:: [   PASS   ] :: Verify expected error message when adding users after uid range is depleted
:: [   PASS   ] :: BZ 891930 not found

Manual Test Results ::

[root@rhel6-2 install-server-cli]# ipa user-add newtestuser --first=f --last=l
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
Comment 8 errata-xmlrpc 2013-02-21 03:21:55 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0503.html

Note You need to log in before you can comment on or make changes to this bug.