#2133 uidNumber and gidNumber are not synced from Active Directory during winsync operation.
Closed: Duplicate None Opened 12 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=755436

Description of problem:
During system integration test day for ipa, atolani found that uidNumber and
gidNumber from Active Directory did not get synced during a winsync operation.
Thanks to atolani for reporting this.


Version-Release number of selected component (if applicable):
ipa-server-2.1.3-9.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create user in AD with a specific uidNumber. (1000099999 in this case)
[root@decepticons ~]# ldapsearch -LLL -x -h dhcp201-112.englab.pnq.redhat.com \
    -D "cn=Administrator,cn=Users,dc=englab,dc=pnq,dc=redhat,dc=com" -w Secret123 \
    -b "CN=user4 4. user4,CN=Users,dc=englab,dc=pnq,dc=redhat,dc=com" \
    uidNumber gidNumber unixHomeDirectory loginShell
dn: CN=user4 4. user4,CN=Users,DC=englab,DC=pnq,DC=redhat,DC=com
uidNumber: 1000099999
gidNumber: 1000099999
unixHomeDirectory: /home/userfour
loginShell: /bin/bash


2. Perform sync operation.
ipa-replica-manage connect --winsync --passsync=password \
    --cacert=/root/wincertnew.cer dhcp201-112.englab.pnq.redhat.com \
    --binddn "cn=Administrator,cn=Users,dc=englab,dc=pnq,dc=redhat,dc=com" \
    --bindpw Secret123 -v -p Secret123

3. Verify on ipa server with "ipa user-show user4 --all --raw"


Actual results: uidNumber and gidNumber are not synced and are assigned from
the IPA server's range.
[root@decepticons ~]# ipa user-show user4 --all --raw
  dn: uid=user4,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  uid: user4
  givenname: user4
  sn: user4
  cn: user4 4. user4
  initials: 4
  homedirectory: /home/user4               <<<<<<<<<<<<<<<
  gecos: user4 4. user4
  loginshell: /bin/sh               <<<<<<<<<<<<<<<
  krbprincipalname: user4@LAB.ENG.PNQ.REDHAT.COM
  uidnumber: 1814400123               <<<<<<<<<<<<<<<
  gidnumber: 1814400123               <<<<<<<<<<<<<<<
  nsaccountlock: False
  has_keytab: False
  has_password: False
  ipauniqueid: cd8e36c0-1406-11e1-90cf-525400f56e2e
  mepmanagedentry: cn=user4,cn=groups,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  ntuniqueid: f016a60c20bff0469fab24cd015f2a93
  ntuseracctexpires: 9223372036854775807
  ntusercodepage: MA==
  ntuserdeleteaccount: true
  ntuserdomainid: user4
  objectclass: top
  objectclass: person
  objectclass: organizationalperson
  objectclass: inetOrgPerson
  objectclass: ntUser
  objectclass: inetuser
  objectclass: posixaccount
  objectclass: krbprincipalaux
  objectclass: krbticketpolicyaux
  objectclass: ipaobject
  objectclass: mepOriginEntry
[root@decepticons ~]#

Expected results:
uidNumber and gidNumber are synced from Active Directory.

Additional info: See the same behavior with "login shell" and "home directory".
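
A check for the mismatch this ticket describes, as an added example that is not part of the original report: it parses saved output of the ldapsearch and "ipa user-show --all --raw" commands from the steps above and lists the POSIX attributes whose values differ between AD and IPA. The attribute mapping and the sample input are constructed from the values shown in the ticket.

```python
# Added example (not from the ticket): detect POSIX attribute drift between
# an AD entry and the IPA entry created for it by winsync.

# AD attribute -> IPA attribute, as named in the ticket's two outputs.
ATTR_MAP = {
    "uidNumber": "uidnumber",
    "gidNumber": "gidnumber",
    "unixHomeDirectory": "homedirectory",
    "loginShell": "loginshell",
}

def parse_attrs(text):
    """Parse 'attr: value' lines into {lowercased attr: first value}."""
    attrs = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") or ":" not in line:
            continue  # shell prompt, blank line, or wrapped value
        name, _, value = line.partition(":")
        # Drop the '<<<' markers the ticket uses to flag lines.
        value = value.split("<<<")[0].strip()
        attrs.setdefault(name.strip().lower(), value)
    return attrs

def find_drift(ad_text, ipa_text):
    """Return (ad_attr, ad_value, ipa_value) for each mapped attribute that differs."""
    ad, ipa = parse_attrs(ad_text), parse_attrs(ipa_text)
    drift = []
    for ad_attr, ipa_attr in ATTR_MAP.items():
        ad_val = ad.get(ad_attr.lower())
        ipa_val = ipa.get(ipa_attr)
        if ad_val is not None and ad_val != ipa_val:
            drift.append((ad_attr, ad_val, ipa_val))
    return drift

# Constructed sample input, using the values shown in the ticket.
AD_SAMPLE = """\
dn: CN=user4 4. user4,CN=Users,DC=englab,DC=pnq,DC=redhat,DC=com
uidNumber: 1000099999
gidNumber: 1000099999
unixHomeDirectory: /home/userfour
loginShell: /bin/bash
"""
IPA_SAMPLE = """\
  uid: user4
  homedirectory: /home/user4               <<<<<<<<<<<<<<<
  loginshell: /bin/sh               <<<<<<<<<<<<<<<
  uidnumber: 1814400123               <<<<<<<<<<<<<<<
  gidnumber: 1814400123               <<<<<<<<<<<<<<<
"""
```

Calling find_drift(AD_SAMPLE, IPA_SAMPLE) reports all four attributes; an empty list means the IPA entry carries the AD values.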

This is achieved in ticket #3007 which is currently in 3.0 RC1. We should probably close one of these and decide its importance.

Metadata Update from @dpal:
- Issue set to the milestone: Ticket Backlog

7 years ago
