Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=772297
Description of problem: SSSD fails to update if all nisNetgroupTriple/memberNisNetgroup entries are deleted from the netgroup on the ldap server. Version-Release number of selected component (if applicable): sssd-1.5.1-66.el6_2.1 How reproducible: Always Steps to Reproduce: 1. Originally: # ldapsearch -x -LLL -b "dc=example,dc=com" cn=Users dn: cn=Users,ou=Netgroup,dc=example,dc=com objectClass: nisNetgroup objectClass: top cn: Users nisNetgroupTriple: (host1.example.com,user1,example.com) nisNetgroupTriple: (host2.example.com,user2,example.com) nisNetgroupTriple: (host3.example.com,user2,example.com) description: All users in my organization # getent -s sss netgroup Users Users (host1.example.com, user1, example.com) (host2.example.com, user2, example.com) (host3.example.com, user2, example.com) 2. After deleting all nisNetgroupTriple from the netgroup on the ldap server: # ldapsearch -x -LLL -b "dc=example,dc=com" cn=Users dn: cn=Users,ou=Netgroup,dc=example,dc=com objectClass: nisNetgroup objectClass: top cn: Users description: All users in my organization 3. After 120 secs: # getent -s sss netgroup Users Users (host1.example.com, user1, example.com) (host2.example.com, user2, example.com) (host3.example.com, user2, example.com) Actual results: Looking up the netgroup still shows all the deleted entries. Deleting one or more nisNetgroupTriple or memberNisNetgroup entries updates properly after entry_cache_timeout. The issue is reproducible only when all the entries all deleted. Expected results: Netgroup lookup shouldn't show the deleted entries. Additional info: 1. sssd.conf domain section: [domain/LDAP] debug_level = 9 id_provider = ldap ldap_uri = ldap://lion.lab.eng.pnq.redhat.com ldap_search_base = ou=Netgroup,dc=example,dc=com ldap_tls_cacert = /etc/openldap/cacerts/server.pem enumerate = true cache_credentials = true entry_cache_timeout = 120 ldap_purge_cache_timeout = 10 2. domain log shows: (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [be_get_account_info] (4): Got request for [4100][1][name=Users] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_id_op_connect_step] (9): reusing cached connection (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (6): calling ldap_search_ext with [(&(cn=Users)(objectclass=nisNetgroup))][ou=Netgroup,dc=example,dc=com]. (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [objectClass] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [cn] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [memberNisNetgroup] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [nisNetgroupTriple] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [nsUniqueId] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [modifyTimestamp] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (8): ldap_search_ext called, msgid = 14 (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x864c20], connected[1], ops[0x868d00], ldap[0x869910] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_parse_entry] (9): OriginalDN: [cn=Users,ou=Netgroup,dc=example,dc=com]. (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x864c20], connected[1], ops[0x868d00], ldap[0x869910] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): Search result: Success(0), (null) (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_done] (7): Total count [0] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_netgroups_process] (6): Search for netgroups, returned 1 results. (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [netgr_translate_members_send] (7): Missing netgroup members. (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [netgr_translate_members_send] (9): No DNs found among netgroup members. (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_save_netgroup] (7): Adding original DN [cn=Users,ou=Netgroup,dc=example,dc=com] to attributes of [Users]. (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_save_netgroup] (7): No netgroup triples for netgroup [Users]. (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_save_netgroup] (7): No original members for netgroup [Users] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_save_netgroup] (7): No members for netgroup [Users] (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_save_netgroup] (6): Storing info for netgroup Users (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): start ldb transaction (nesting: 0) (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): start ldb transaction (nesting: 1) (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0x87f860 (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x87f980 (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Destroying timer event 0x87f980 "ltdb_timeout" (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Ending timer event 0x87f860 "ltdb_callback" (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): cancel ldb transaction (nesting: 1) (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [sysdb_add_basic_netgroup] (6): Error: 17 (File exists) (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): start ldb transaction (nesting: 1) (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0x880040 (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x87f0d0 (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Destroying timer event 0x87f0d0 "ltdb_timeout" (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Ending timer event 0x880040 "ltdb_callback" (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): commit ldb transaction (nesting: 1) (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): commit ldb transaction (nesting: 0) (Fri Jan 6 20:22:12 2012) [sssd[be[LDAP]]] [netgr_translate_members_done] (9): Saving 1 Netgroups - Done
Fields changed
blockedby: => blocking: => coverity: => milestone: NEEDS_TRIAGE => SSSD 1.8.0 owner: somebody => jzeleny patch: => 0 tests: => 0 testsupdated: => 0 upgrade: => 0
feature_milestone: => patch: 0 => 1 status: new => assigned
Fixed by: - master - 277a018 - 3ff729e - sssd-1-8 - 720396b - 343177b
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to jzeleny - Issue set to the milestone: SSSD 1.8.0 (LTM)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2178
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.