#7670 ERR: ID value too large (when user from the staged area)
Opened 6 years ago by guard43ru. Modified 5 years ago

Issue

Need to fix sidgen plugin to ignore users in the staged area. Additionally, we need to run sid generation when users moved from the staging to production.

Steps to Reproduce

  1. there is a user in staged area
  2. ipa-adtrust-install --add-sids
  3. error, some users don't get ipaNTSecurityIdentifier

Actual behavior

ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ...
DEBUG - ipa-sidgen-postop - Base DN: [dc=domain], Filter: [(&(objectclass=ipaobject)(!(objectclass=mepmanagedentry))(|(objectclass=posixaccount)(objectclass=posixgroup)(objectclass=ipaidobject))(!(ipantsecurityidentifier=*)))].
DEBUG - ipa-sidgen-postop - Trying to add SID for [uid=user_name,cn=staged users,cn=accounts,cn=provisioning,dc=domain].
ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 483]: ID value too large.
ERR - do_work - [file ipa_sidgen_task.c, line 154]: Cannot add SID to existing entry.
ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [19].

Expected behavior

ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ...
ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [0].

Version/Release/Distribution

ipa-server-4.5.4-10.el7.centos.3.x86_64
ipa-client-4.5.4-10.el7.centos.3.x86_64
389-ds-base-1.3.7.5-24.el7_5.x86_64
pki-ca-10.5.1-13.1.el7_5.noarch
krb5-server-1.15.1-19.el7.x86_64


@abbra suggested in the e-mail thread:

So, this is a user from the staged area, right?. It looks like we need to fix sidgen plugin to ignore users in the staged area. Additionally, we need to run sid generation when users moved from the staging to production.

Metadata Update from @abiagion:
- Issue set to the milestone: FreeIPA 4.7.1

6 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.2 (was: FreeIPA 4.7.1)

5 years ago

FreeIPA 4.7.1 has been released, moving to FreeIPA 4.7.2 milestone

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.7.3 (was: FreeIPA 4.7.2)

5 years ago

Log in to comment on this ticket.

Metadata