Issue

What were you trying to do that didn't work? When you create a user with --uid=x, where x is a valid ID in IPA-managed IDrange, and this range has got valid rid bases, the user still fails to get SID Please provide the package NVR for which bug is seen: ipa-server-4.9.12-11.module+el8.9.0+20824+f2605038.x86_64 How reproducible: always (if the range is new) Steps to reproduce 1. create new range: # ipa idrange-add testrange --base-id=10000 --range-size=10000 --rid-base=300000 --secondary-rid-base=400000 2. add user to this new range: # ipa user-add testsiduser --first=test --last=test --uid=10001 --gid=10001 3. user fails to get SID: [13/Mar/2024:12:53:42.830075280 +0100] - ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 522]: Cannot convert Posix ID [10001] into an unused SID. [13/Mar/2024:12:53:42.831334739 +0100] - ERR - ipa_sidgen_add_post_op - [file ipa_sidgen.c, line 149]: Cannot add SID to new entry. 4. If you run sidgen task manually, it works fine, user gets sid: [13/Mar/2024:12:55:11.966903322 +0100] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ... [13/Mar/2024:12:55:11.988008575 +0100] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [0]. # ipa user-show --all testsiduser | grep ipantsecurityidentifier ipantsecurityidentifier: S-1-5-21-1376517128-3415768394-3708681247-300001 Expected results User gets SID Actual results User doesn't get SID automatically when --uid is specified Additional info Works if the range is new. If you add a user, run sidgen manually, then add second user, it will get correct SID.

Release Notes

No. of Comments

Resolution

Done-Errata