Issue
What were you trying to do that didn't work?
When you create a user with --uid=x, where x is a valid ID in IPA-managed IDrange, and this range has got valid rid bases, the user still fails to get SID
Please provide the package NVR for which bug is seen:
ipa-server-4.9.12-11.module+el8.9.0+20824+f2605038.x86_64
How reproducible:
always (if the range is new)
Steps to reproduce
1. create new range:
# ipa idrange-add testrange --base-id=10000 --range-size=10000 --rid-base=300000 --secondary-rid-base=400000
2. add user to this new range:
# ipa user-add testsiduser --first=test --last=test --uid=10001 --gid=10001
3. user fails to get SID:
[13/Mar/2024:12:53:42.830075280 +0100] - ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 522]: Cannot convert Posix ID [10001] into an unused SID.
[13/Mar/2024:12:53:42.831334739 +0100] - ERR - ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 149]: Cannot add SID to new entry.
4. If you run sidgen task manually, it works fine, user gets sid:
[13/Mar/2024:12:55:11.966903322 +0100] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ...
[13/Mar/2024:12:55:11.988008575 +0100] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [0].
# ipa user-show --all testsiduser | grep ipantsecurityidentifier
ipantsecurityidentifier: S-1-5-21-1376517128-3415768394-3708681247-300001
Expected results
User gets SID
Actual results
User doesn't get SID automatically when --uid is specified
Additional info
Works if the range is new. If you add a user, run sidgen manually, then add second user, it will get correct SID.
