#6028 Renaming a user removes all of his principal aliases
Closed: Fixed None Opened 7 years ago by mbabinsk.

When renaming a user who already has some principal aliases associated with the entry, the MODRDN plugin is triggered and it sets the value of krbPrincipalName to the alias composed from the new UID. However, this operation destroys all other values of the attribute:

ipa user-add-principal tuser talias\\@tupn.test
Added new aliases to user "tuser"
  User login: tuser
  Principal alias: talias\@tupn.test@IPA.TEST, tuser@IPA.TEST

[root@master1 ~]# ipa user-mod --rename tuser2 tuser
Modified user "tuser"
  User login: tuser2
  First name: test
  Last name: user
  Home directory: /home/tuser
  Login shell: /bin/sh
  Principal name: tuser2@IPA.TEST
  Principal alias: tuser2@IPA.TEST
  Email address: tuser@ipa.test
  UID: 602400001
  GID: 602400001
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True

Expected outcome:

The user gains new alias contaning new uid

Actual results:

Only this alias is retained and all other are removed


  • 2f02ffe Preserve user principal aliases during rename operation

Metadata Update from @mbabinsk:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.4.1

6 years ago

Login to comment on this ticket.