Bug #16392

open

Admin group membership is lost on secondary after changes to user

Added by Dean Chang 16 days ago. Updated 14 days ago.

Status: Feedback
Priority: Normal
Category: High Availability
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Release Notes: Default
Affected Plus Version: 25.07.1
Affected Architecture: All

Description

This affects the synchronization of users on an HA primary/secondary pair.
There is an existing user which is a member of the builtin admin group. On the primary, when I change the name, ssh key or set the disable flag, the user is removed from the admin group on the secondary system. When I edit the same user on the primary again, the user is added back to the admin group on the secondary automatically.

Actions #1

Updated by Reid Linnemann 16 days ago

  • Category changed from User Manager / Privileges to High Availability
  • Status changed from New to Assigned
  • Assignee set to Reid Linnemann

Actions #2

Updated by Reid Linnemann 15 days ago

This looks like a goofy application of the 'synchronize admin accounts' option in the HA config. With this disabled, the behavior you noted exists, and it appears to me that the behavior goes away with it enabled. However, that knob should only control whether specifically the admin user is synchronized between the hosts. admin group membership should always be synchronized. Regardless if that's what is actually happening, I'll have a fix for this shortly, and we'll add it to the System Patches.

Actions #3

Updated by Reid Linnemann 15 days ago

I did some more testing and my theory about the admin sync knob is incorrect. There's some interesting behavior where sometimes the admin group is synced and sometimes it isn't, and I believe this is related as when the group is not synced that is when the user is not attached to the admin group on the secondary.

Actions #4

Updated by Reid Linnemann 15 days ago

I found it, there's a bug in the account and group sync that doesn't properly account for a user being modified and does not restore its group memberships.

Actions #5

Updated by Dean Chang 15 days ago

That's great to hear, thank you very much for looking into this!

Actions #6

Updated by Reid Linnemann 15 days ago

  • Status changed from Assigned to Feedback
  • Target version set to 25.11

This is fixed in CE change 7d545332, I'm also merging it to Plus for 25.11 and the fix will be made available in the system patches as well.

Actions #7

Updated by Georgiy Tyutyunnik 14 days ago

reproduced on 25.07.1
latest Plus Dev has it fixed
tested on:
25.11-DEVELOPMENT (amd64)
built on Fri Aug 29 1:56:00 UTC 2025
FreeBSD 15.0-PRERELEASE

Please add patch link/id when available
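
A check for the symptom reported in this ticket, as an added example that is not part of the thread or the project's own code: it compares the members of the built-in admin group in configuration exports taken from both HA nodes. The XML layout (`<system>` holding `<user>` entries and `<group>` entries with `<member>` uids), the group name `admins`, and the sample data are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from the ticket). Assumed layout:
# <system> holds <user> entries (name, uid) and <group> entries whose
# <member> elements carry user uids.
PRIMARY = """<pfsense><system>
  <user><name>admin</name><uid>0</uid></user>
  <user><name>alice</name><uid>2000</uid></user>
  <group><name>admins</name><gid>1999</gid>
    <member>0</member><member>2000</member></group>
</system></pfsense>"""

# Secondary after the edit described in the ticket: user exists, membership gone.
SECONDARY = """<pfsense><system>
  <user><name>admin</name><uid>0</uid></user>
  <user><name>alice</name><uid>2000</uid></user>
  <group><name>admins</name><gid>1999</gid>
    <member>0</member></group>
</system></pfsense>"""


def group_members(config_xml, group="admins"):
    """Return the set of user names that are members of `group`."""
    system = ET.fromstring(config_xml).find("system")
    if system is None:
        return set()
    names = {u.findtext("uid"): u.findtext("name") for u in system.findall("user")}
    for g in system.findall("group"):
        if g.findtext("name") == group:
            # Keep unresolved uids visible instead of silently dropping them.
            return {names.get(m.text, f"uid:{m.text}") for m in g.findall("member")}
    return set()  # group missing entirely: every primary member counts as lost


def membership_drift(primary_xml, secondary_xml, group="admins"):
    """Compare group membership on both nodes; empty sets mean in sync."""
    pri = group_members(primary_xml, group)
    sec = group_members(secondary_xml, group)
    return {"missing_on_secondary": pri - sec, "extra_on_secondary": sec - pri}


if __name__ == "__main__":
    for kind, users in membership_drift(PRIMARY, SECONDARY).items():
        print(kind, sorted(users))
```

Running it against exports taken right after editing a user on the primary shows whether the secondary dropped that user from the group.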
