When renaming a user who already has some principal aliases associated with the entry, the MODRDN plugin is triggered and it sets the value of krbPrincipalName to the alias composed from the new UID. However, this operation destroys all other values of the attribute:
ipa user-add-principal tuser talias\\@tupn.test --------------------------------- Added new aliases to user "tuser" --------------------------------- User login: tuser Principal alias: talias\@tupn.test@IPA.TEST, tuser@IPA.TEST [root@master1 ~]# ipa user-mod --rename tuser2 tuser --------------------- Modified user "tuser" --------------------- User login: tuser2 First name: test Last name: user Home directory: /home/tuser Login shell: /bin/sh Principal name: tuser2@IPA.TEST Principal alias: tuser2@IPA.TEST Email address: tuser@ipa.test UID: 602400001 GID: 602400001 Account disabled: False Password: True Member of groups: ipausers Kerberos keys available: True
Expected outcome:
The user gains new alias contaning new uid
Actual results:
Only this alias is retained and all other are removed
master:
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1356964
Metadata Update from @mbabinsk: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.4.1
Login to comment on this ticket.