Done. https://pagure.io/freeipa/issue/9873
On Thu, Nov 6, 2025 at 12:28 PM Rob Crittenden <[email protected]> wrote: > Russell Jones via FreeIPA-users wrote: > > Last reply - > > > > I can confirm now if I delete the subid range from the user using > > ldapdelete, I am able to rename the user without any issues. > > > > As soon as I use "ipa subid-generate --owner=<user>" and then try to > > rename them again, it fails with the same error. > > I was able to reproduce this. Can you open an upstream issue on it at > https://pagure.io/freeipa/new_issue with the steps you provided here? > > thanks > > rob > > > > > On Thu, Nov 6, 2025 at 9:44 AM Russell Jones <[email protected] > > <mailto:[email protected]>> wrote: > > > > This error just doesn't make any sense to me. I have gone through > > all 4 servers grabbing the raw ldap data for the ipauniqueid it's > > complaining about, and I am not seeing anything missing. It matches > > across all 4 replicas: > > > > [root@freeipa1 slapd-US-EP-CORP-LOCAL]# ipa subid-show > > 05c48cfb-5503-4162-9e14-648d88767356 --all --raw > > > > dn: > > > > ipauniqueid=05c48cfb-5503-4162-9e14-648d88767356,cn=subids,cn=accounts,dc=us,dc=ep,dc=corp,dc=local > > > > ipauniqueid: 05c48cfb-5503-4162-9e14-648d88767356 > > > > description: auto-assigned subid > > > > ipaowner: > > uid=<username>,cn=users,cn=accounts,dc=us,dc=ep,dc=corp,dc=local > > > > ipasubuidnumber: 2147549184 > > > > ipasubuidcount: 65536 > > > > ipasubgidnumber: 2147549184 > > > > ipasubgidcount: 65536 > > > > objectclass: ipasubordinateidentry > > > > objectclass: ipasubordinateid > > > > objectclass: ipasubordinategid > > > > objectclass: ipasubordinateuid > > > > objectclass: top > > > > > > > > > > > > Are there any known issues with renaming accounts that have subid's > > attached to them? > > > > > > On Thu, Nov 6, 2025 at 9:16 AM Russell Jones <[email protected] > > <mailto:[email protected]>> wrote: > > > > Hi all, > > > > We somewhat recently upgraded our FreeIPA cluster (4 nodes in > > all-replication setup) from 4.8 to 4.10, and then 4.10 to 4.12 > > using replication. Stood up two new 4.10 servers, replicated > > from 4.8. Then stood up two new 4.12 servers, and replicated > > from 4.10. After that, created two more 4.12 servers and added > > them into the cluster. > > > > All went fairly well, however I just discovered that renaming > > users fails. When I try to rename a user, I get the following > > error in server logs: > > > > > > [06/Nov/2025:09:09:01.741275830 -0600] - ERR - > > get_value_from_string - type does not match: dsEntryDN != > > dsEntryDN;vucsn-68f12ab70000000f0000 > > [06/Nov/2025:09:09:01.932930359 -0600] - ERR - > > oc_check_required - Entry > > > > "ipauniqueid=05c48cfb-5503-4162-9e14-648d88767356,cn=subids,cn=accounts,dc=us,dc=ep,dc=corp,dc=local" > > missing attribute "ipaOwner" required by object class > > "ipaSubordinateId" > > [06/Nov/2025:09:09:01.933838475 -0600] - ERR - > > referint-plugin - _update_all_per_mod - Entry > > > > ipauniqueid=05c48cfb-5503-4162-9e14-648d88767356,cn=subids,cn=accounts,dc=us,dc=ep,dc=corp,dc=local > > failed (65) > > [06/Nov/2025:09:09:01.934989371 -0600] - ERR - > > oc_check_required - Entry > > > > "ipauniqueid=05c48cfb-5503-4162-9e14-648d88767356,cn=subids,cn=accounts,dc=us,dc=ep,dc=corp,dc=local" > > missing attribute "ipaOwner" required by object class > > "ipaSubordinateId" > > [06/Nov/2025:09:09:01.936187948 -0600] - WARN - > > memberof-plugin - Entry > > > > ipauniqueid=05c48cfb-5503-4162-9e14-648d88767356,cn=subids,cn=accounts,dc=us,dc=ep,dc=corp,dc=local > > - schema violation caught - repair operation succeeded > > [06/Nov/2025:09:09:01.937103924 -0600] - ERR - > > oc_check_required - Entry > > > > "ipauniqueid=05c48cfb-5503-4162-9e14-648d88767356,cn=subids,cn=accounts,dc=us,dc=ep,dc=corp,dc=local" > > missing attribute "ipaOwner" required by object class > > "ipaSubordinateId" > > [06/Nov/2025:09:09:01.937911140 -0600] - ERR - > > slapi_entry_schema_check_ext - Entry > > > > "ipauniqueid=05c48cfb-5503-4162-9e14-648d88767356,cn=subids,cn=accounts,dc=us,dc=ep,dc=corp,dc=local" > > single-valued attribute "ipaOwner" has multiple values > > [06/Nov/2025:09:09:01.940516533 -0600] - WARN - flush_hash - > > Upon BETXN callback failure, entry cache is flushed during > > 0.000252889 > > [06/Nov/2025:09:09:01.941317487 -0600] - WARN - flush_hash - > > Upon BETXN callback failure, entry cache is flushed during > > 0.000233924 > > > > > > > > I enabled the subid feature a little while back and used the > > script (/usr/libexec/ipa/ipa-subids) to generate subid's for > > everybody without any errors. I am uncertain what has happened > > or how to proceed from here. > > > > Could use some pointers. Thanks! > > > > > >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
