#8732 GC: Global Catalog can not contain records for two users with same first and last names
Opened 3 years ago by abbra. Modified 3 years ago

I can create two users in IPA with the same names:

    ipa user-add user1 --first Test --last User
    ipa user-add user2 --first Test --last User

It is totally fine for people to have the same names.

But the GC instance will contain a record only for the first one. In globalcatalog.log there is an error:

    2020-10-14T09:27:53Z    33784   MainThread      ipaserver.globalcatalog.gcsyncer        ERROR   Entry CN=Test User,CN=Users,dc=testrelm,dc=test already exists

The root cause is not the (first, last) combination but rather the identical cn.

If the cn attribute isn't explicitly set during ipa user-add with the --cn option, the user plugin automatically creates the cn attribute by concatenating givenname (=first) and sn (=last) (here in ipaserver/plugins/user.py).

FreeIPA doesn't enforce unicity of the cn attribute but GC does. It doesn't look acceptable to add this constraint to the main LDAP instance, and the best mitigation IMO was at least to log an error. I agree it's not optimal but don't have any solution so far.

What about creating an ipa-healthcheck test for this kind of situation under the trust set of tests?

We can also add a validation to user-add that verifies this and adds a warning to the response in case GC is enabled.
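
Added example, not part of the ticket and not FreeIPA or ipa-healthcheck code: a standalone sketch of the duplicate-cn check proposed in the comments above. It assumes user entries are already available as dictionaries; the function names, the sample entries and the whitespace/case normalization (an approximation of LDAP caseIgnoreMatch) are assumptions.

```python
from collections import defaultdict

# Constructed sample entries (not taken from a real deployment).
SAMPLE_USERS = [
    {"uid": "user1", "givenname": "Test", "sn": "User"},
    {"uid": "user2", "givenname": "Test", "sn": "User"},
    {"uid": "user3", "givenname": "Test", "sn": "User", "cn": "Test User (Ops)"},
    {"uid": "user4", "givenname": "Other", "sn": "Person", "cn": "test  user"},
    {"uid": "user5", "givenname": "Alice", "sn": "Admin"},
]


def effective_cn(entry):
    """Explicit cn if one was given, else 'givenname sn' as the ticket describes."""
    return entry.get("cn") or f"{entry['givenname']} {entry['sn']}"


def normalize_cn(cn):
    """Approximate caseIgnoreMatch: fold case, trim and collapse whitespace."""
    return " ".join(cn.split()).casefold()


def find_cn_collisions(entries):
    """Return {normalized cn: [uids]} for every cn shared by two or more users."""
    groups = defaultdict(list)
    for entry in entries:
        groups[normalize_cn(effective_cn(entry))].append(entry["uid"])
    return {cn: sorted(uids) for cn, uids in groups.items() if len(uids) > 1}


def report(entries):
    """One warning line per colliding cn, sorted for stable output."""
    return [
        f"WARNING: cn '{cn}' is shared by {', '.join(uids)}; "
        "the Global Catalog will hold a record for only one of them"
        for cn, uids in sorted(find_cn_collisions(entries).items())
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_USERS):
        print(line)
```

The same grouping could back either proposal: run over all users as a periodic check, or over the existing users plus the candidate entry before a new user is added.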

