The uid_hidden field needs to be retained until after validation succeeds

otherwise if it ever fails, uid_hidden will be lost which can cause uid
to not be set which cascades into lots of other errors.

ipa-server/ipa-gui/ipagui/subcontrollers/user.py

@@ -374,12 +374,6 @@ class UserController(IPAController):
         if not kw.get('uid'):
             kw['uid'] = kw.get('uid_hidden')
 
-        # We don't want to inadvertantly add this to a record
-        try:
-            del kw['uid_hidden']
-        except KeyError:
-            pass
-
         if kw.get('submit') == 'Cancel Edit':
             turbogears.flash("Edit user cancelled")
             raise turbogears.redirect('/user/show', uid=kw.get('uid'))
@@ -412,6 +406,12 @@ class UserController(IPAController):
                         user_groups=user_groups_dicts,
                         tg_template='ipagui.templates.useredit')
 
+        # We don't want to inadvertantly add this to a record
+        try:
+            del kw['uid_hidden']
+        except KeyError:
+            pass
+
         password_change = False
         user_modified = False