From fd53ed14b0e43c6d3020ed54907011cbacb6716f Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Fri, 15 Oct 2021 15:55:10 +0200
Subject: [PATCH] User lifecycle: ignore SID when moving from preserved to
 staged

When a preserved user entry is moved to staged state, the SID
attribute must not be provided to user-stage command (the option
does not exist and the SID will be re-generated anyway).

Related: https://pagure.io/freeipa/issue/8995
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 ipaserver/plugins/user.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py
index 19d07e6d6..b9ac09008 100644
--- a/ipaserver/plugins/user.py
+++ b/ipaserver/plugins/user.py
@@ -1002,6 +1002,7 @@ class user_stage(LDAPMultiQuery):
                     u'ipauniqueid', u'krbcanonicalname',
                     u'sshpubkeyfp', u'krbextradata',
                     u'ipacertmapdata',
+                    'ipantsecurityidentifier',
                     u'nsaccountlock']
 
     def execute(self, *keys, **options):