Currently, IPA SIDgen task fails on first user/group that SID can't be assigned to, either ducplicate ID or user/group out of range with
ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 522]: Cannot convert Posix ID [ID] into an unused SID.
ERR - do_work - [file ipa_sidgen_task.c, line 154]: Cannot add SID to existing entry.
and then task ends with
ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [32].
while it should just log the faulty ID and continue the generation for all the other IDs. This behavior is observed in latest major versions:
ipa-server-4.9.12-11, ipa-server-4.10.2-5
Create a user out of range:
ipa user-add testsid --first test --last sid --uid 2000
try to force SID generation with
ipa config-mod --add-sids --enable-sid
Observe in LDAP error log:
ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 522]: Cannot convert Posix ID [2000] into an unused SID. ERR - do_work - [file ipa_sidgen_task.c, line 154]: Cannot add SID to existing entry. ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [32].
Faulty user id is logged, SID generation continued
Metadata Update from @ftrivino: - Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-22188 - Issue assigned to twoerner
master:
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-22188, https://issues.redhat.com/browse/RHEL-46592 (was: https://issues.redhat.com/browse/RHEL-22188)
ipa-4-12:
ipa-4-11:
ipa-4-10:
ipa-4-9:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.