https://bugzilla.redhat.com/show_bug.cgi?id=755436
Description of problem:
During system integration test day for ipa, atolani found that uidNumber and gidNumber from Active Directory did not get synced during a winsync operation. Thanks to atolani for reporting this.

Version-Release number of selected component (if applicable):
ipa-server-2.1.3-9.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create user in AD with a specific uidNumber. (1000099999 in this case)

[root@decepticons ~]# ldapsearch -LLL -x -h dhcp201-112.englab.pnq.redhat.com -D "cn=Administrator,cn=Users,dc=englab,dc=pnq,dc=redhat,dc=com" -w Secret123 -b "CN=user4 4. user4,CN=Users,dc=englab,dc=pnq,dc=redhat,dc=com" uidNumber gidNumber unixHomeDirectory loginShell
dn: CN=user4 4. user4,CN=Users,DC=englab,DC=pnq,DC=redhat,DC=com
uidNumber: 1000099999
gidNumber: 1000099999
unixHomeDirectory: /home/userfour
loginShell: /bin/bash

2. Perform sync operation.

ipa-replica-manage connect --winsync --passsync=password --cacert=/root/wincertnew.cer dhcp201-112.englab.pnq.redhat.com --binddn "cn=Administrator,cn=Users,dc=englab,dc=pnq,dc=redhat,dc=com" --bindpw Secret123 -v -p Secret123

3. Verify on ipa server with "ipa user-show user4 --all --raw"

Actual results:
uidNumber and gidNumber are not synced and are assigned from IPA servers range.

[root@decepticons ~]# ipa user-show user4 --all --raw
  dn: uid=user4,cn=users,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  uid: user4
  givenname: user4
  sn: user4
  cn: user4 4. user4
  initials: 4
  homedirectory: /home/user4 <<<<<<<<<<<<<<<
  gecos: user4 4. user4
  loginshell: /bin/sh <<<<<<<<<<<<<<<
  krbprincipalname: user4@LAB.ENG.PNQ.REDHAT.COM
  uidnumber: 1814400123 <<<<<<<<<<<<<<<
  gidnumber: 1814400123 <<<<<<<<<<<<<<<
  nsaccountlock: False
  has_keytab: False
  has_password: False
  ipauniqueid: cd8e36c0-1406-11e1-90cf-525400f56e2e
  mepmanagedentry: cn=user4,cn=groups,cn=accounts,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com
  ntuniqueid: f016a60c20bff0469fab24cd015f2a93
  ntuseracctexpires: 9223372036854775807
  ntusercodepage: MA==
  ntuserdeleteaccount: true
  ntuserdomainid: user4
  objectclass: top
  objectclass: person
  objectclass: organizationalperson
  objectclass: inetOrgPerson
  objectclass: ntUser
  objectclass: inetuser
  objectclass: posixaccount
  objectclass: krbprincipalaux
  objectclass: krbticketpolicyaux
  objectclass: ipaobject
  objectclass: mepOriginEntry
[root@decepticons ~]#

Expected results:
uidNumber and gidNumber are synced from Active Directory.

Additional info:
See the same behavior with "login shell" and "home directory".
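
A check for the drift this report describes, as an added example that is not part of the ticket or of FreeIPA: it compares the four POSIX attributes in `ldapsearch -LLL` output from AD against `ipa user-show --all --raw` output. The attribute mapping and the function names are assumptions of this example; the sample values are copied from the report.

```python
import base64

# AD (RFC 2307) attribute -> IPA attribute (assumed mapping), lower-cased.
POSIX_MAP = {"uidnumber": "uidnumber", "gidnumber": "gidnumber",
             "unixhomedirectory": "homedirectory", "loginshell": "loginshell"}

# Values copied from the report above; the reporter's "<<<" markers are dropped.
AD_LDIF = """\
dn: CN=user4 4. user4,CN=Users,DC=englab,DC=pnq,DC=redhat,DC=com
uidNumber: 1000099999
gidNumber: 1000099999
unixHomeDirectory: /home/userfour
loginShell: /bin/bash
"""
IPA_RAW = """\
  homedirectory: /home/user4
  loginshell: /bin/sh
  uidnumber: 1814400123
  gidnumber: 1814400123
"""

def parse_attrs(text, ldif=False):
    """Parse 'attr: value' lines into {lower-cased attr: first value}."""
    lines = []
    for raw in text.splitlines():
        if ldif and raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold an LDIF continuation line
        elif raw.strip():
            lines.append(raw if ldif else raw.strip())
    attrs = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if ldif and value.startswith(":"):    # 'attr:: <base64>' in LDIF
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs.setdefault(name.strip().lower(), value.strip())
    return attrs

def posix_drift(ad_ldif, ipa_raw):
    """Return (ad_attr, ad_value, ipa_attr, ipa_value) for each mismatch."""
    ad, ipa = parse_attrs(ad_ldif, ldif=True), parse_attrs(ipa_raw)
    return [(a, ad[a], i, ipa.get(i)) for a, i in POSIX_MAP.items()
            if a in ad and ad[a] != ipa.get(i)]

if __name__ == "__main__":
    for row in posix_drift(AD_LDIF, IPA_RAW):
        print("%s=%s (AD) vs %s=%s (IPA)" % row)
```

Attributes absent on the AD side are skipped, since IPA assigning a value from its own range is then the expected result.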
DS RFE https://bugzilla.redhat.com/show_bug.cgi?id=765986
This is achieved in ticket #3007 which is currently in 3.0 RC1. We should probably close one of these and decide its importance.
Metadata Update from @dpal: - Issue set to the milestone: Ticket Backlog