freeipa-fas plugin breaks existing stageuser behavior

[flo-renaud]

The nightly tests for freeipa detect a behavior change when the freeipa-fas package is installed, see freeipa issue https://pagure.io/freeipa/issue/8569.

The test is creating a user with the login itest-user, then tries to create a stage user with the same name and activate the stage user. Without freeipa-fas plugin, the test is succeeding but with freeipa-fas plugin it fails during the creation of the stage user with the error Login 'itest-user' or email address 'itest-user@ipa.test' are already registered.

FreeIPA allows the creation of a stage user with the same name as an active user, but prevents the activation of such a user. FAS plugin breaks this behavior.

[tiran]

This is not a bug but a deliberate design decision. freeipa-fas contains extra code to ensure that a stage users cannot conflict with a standard user, https://github.com/fedora-infra/freeipa-fas/blob/3c6b2070f154e9659fd8b3c137080ce1b2c2ea88/ipaserver/plugins/stageuserfas.py#L27-L85

[flo-renaud]

@tiran ok, thanks for the explanation. It means that we need to make sure we don't have the freeipa-fas package installed when we run our nightlies. I took care of that (https://github.com/freeipa/freeipa-pr-ci/commit/3710db156489543e87bd570b4bd74aafb4cb893c), and we can close this issue.