
OPERATIONAL DEFECT DATABASE
...

...
What were you trying to do that didn't work? When you create a user with --uid=x, where x is a valid ID in IPA-managed IDrange, and this range has got valid rid bases, the user still fails to get SID Please provide the package NVR for which bug is seen: ipa-server-4.9.12-11.module+el8.9.0+20824+f2605038.x86_64 How reproducible: always (if the range is new) Steps to reproduce 1. create new range: # ipa idrange-add testrange --base-id=10000 --range-size=10000 --rid-base=300000 --secondary-rid-base=400000 2. add user to this new range: # ipa user-add testsiduser --first=test --last=test --uid=10001 --gid=10001 3. user fails to get SID: [13/Mar/2024:12:53:42.830075280 +0100] - ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 522]: Cannot convert Posix ID [10001] into an unused SID. [13/Mar/2024:12:53:42.831334739 +0100] - ERR - ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 149]: Cannot add SID to new entry. 4. If you run sidgen task manually, it works fine, user gets sid: [13/Mar/2024:12:55:11.966903322 +0100] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ... [13/Mar/2024:12:55:11.988008575 +0100] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [0]. # ipa user-show --all testsiduser | grep ipantsecurityidentifier ipantsecurityidentifier: S-1-5-21-1376517128-3415768394-3708681247-300001 Expected results User gets SID Actual results User doesn't get SID automatically when --uid is specified Additional info Works if the range is new. If you add a user, run sidgen manually, then add second user, it will get correct SID.
Done-Errata
Red Hat Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.