It is possible to rename a user / a group using multiple methods:
When the first method is used, the CLI checks the format of the new name and refuses names containing only numbers for instance. If the second method is used, no check is enforced and any value can be accepted.
The behavior should be consistent.
[root@server ~]# ipa group-mod testgroup --rename 1234 ipa: ERROR: invalid 'rename': may only include letters, numbers, _, -, . and $ [root@server ~]# ipa group-mod testgroup --setattr cn=1234 -------------------------- Modified group "testgroup" -------------------------- Group name: 1234 GID: 205400104 [root@server ~]# [root@server ~]# ipa user-mod testuser --rename 123456 ipa: ERROR: invalid 'rename': may only include letters, numbers, _, -, . and $ [root@server ~]# ipa user-mod testuser --setattr uid=123456 ------------------------ Modified user "testuser" ------------------------ User login: 123456 First name: test Last name: user Home directory: /home/testuser Login shell: /bin/sh Principal name: 123456@IPA.TEST Principal alias: 123456@IPA.TEST Email address: testuser@ipa.test UID: 205400107 GID: 205400107 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False [root@server ~]#
The command with --rename properly validates the new name but --setattr cn= or --setattr uid= do not.
--rename
--setattr cn=
--setattr uid=
The 2 methods should have a consistent behavior and refuse the invalid new name.
4.10.1
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/6883
master:
ipa-4-9:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.