Skip to content

unique overlay bug post mortem #292

New issue
New issue
Closed
Closed
unique overlay bug post mortem#292
Labels
bugSomething isn't working
@simonLeary42

Description

@simonLeary42
simonLeary42
opened on Sep 9, 2025

with the recent addition of the slapo-unique openldap overlay, we encountered a problem where the gidnumber attribute from a posixAccount conflicted with the gidnumber attribute from a posixGroup. The portal did not handle this situation well:

Here's what I think happened:

  • user was created
  • posixGroup entry was created
  • posixAccount entry creation failed
  • operator got a white screen
  • operator tried again to approve and create user
  • user was created
  • a different IDNumber was chosen the second time
  • posixGroup entry creation was skipped
  • posixAccount was created

What can we do differently?

  • UnityUser->init should only run once. If we try to run it again, it should fail. If this were the case, the operator would have gotten an error every time they attempted to approve, an admin would have been alerted, and the problem would have been addressed much earlier.
  • UnityUser->init should revert any changes already made in the event of an error. the operator would have gotten an error every time they attempted to approve, an admin would have been alerted, and the problem would have been addressed much earlier.
  • The operator should get an error, not a white screen. If this were the case, the operator might not have overlooked the white screen, and may have notified an admin.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions