Set it as automember default group
api.Command'automember_default_group_set'
Delete the group
It is necessary to run the sequence using API calls (meaning that you can't reproduce this using console "ipa" command).
To restore previous IPA function I needed to issue ipa-server-install --uninstall and then install it again.
The non-existent group remains automember default group. It's not possible to add users after that, run automember rebuild command, and add new hosts after running the rebuild command.
Find a reproducer here: https://paste.fedoraproject.org/360365/ (the first three commands are needed for creating the inconsistency)
It can be reproduced using ipa command, or atleas in Web UI.
ipa
To restore previous IPA function it is needed only to either recreate new tgroup or remove tgroup from being default automemebr group.
One issue I found though was that the created user whose add failed because of the inconsistency could not be added even when it was resolved. Directory server needed to be restarted and then it worked.
possible improvements:
Metadata Update from @fskola: - Issue assigned to pducjac - Issue set to the milestone: Future Releases
pastebin is long gone. Reproduction steps are:
ipa group-add autome ipa automember-default-group-set --default-group=autome --type=group ipa user-add --first=tim --last=user tuser1 ... user is member of autome ipa group-del autome ipa user-add --first=tim --last=user tuser2 ... error
But you can just set another group as the default group and things are fine.
The user is added but the groups are not set properly in the case of a deleted automember group.
Metadata Update from @rcritten: - Issue close_status updated to: None
Login to comment on this ticket.