I stumbled upon this when inspecting usage of sysdb_search_user_by_name(). This routine only fetches a user by his primary name. The problem is that some parts of the code need to fetch a user not just by his primary name, but also by any of his aliases.
Some parts of the code work OK with this. For example, sdap_process_group_members_2307() first calls sysdb_search_user_by_name() and, if it doesn't find anything, calls sdap_process_missing_member_2307(), which then searches for all users with that name as an alias.
In particular I found three occurrences of sysdb_search_user_by_name() which I'm a bit concerned about and I think they need closer inspection:
milestone: NEEDS_TRIAGE => SSSD 1.10.0
type: task => defect
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=808058
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=808058 808058]
Simple reproducer for one of those sysdb_delete_user cases:
The second request shouldn't return anything. Instead, the record is still in the database and the user is returned. I'm not sure what the correct approach should be - delete the user entirely, delete the alias from the existing user, or detect beforehand which user the query should go for?
What we should do is this:
1. Perform the LDAP search
2. If the LDAP search receives no reply, do an ldb search on both names and aliases
3. If the cache finds it by name, delete the user entry.
4. If the cache finds it by alias, drop that alias only.
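A minimal model of steps 2 to 4 above, as an added example that is not SSSD code: the struct, enum and function names are hypothetical, an in-memory array stands in for the ldb cache, and name comparison is assumed to be case-sensitive.

```c
#include <string.h>

#define MAX_ALIASES 4

/* Simplified stand-in for a cached user (not the sysdb schema); "" = unused. */
struct cached_user {
    char name[32];
    char aliases[MAX_ALIASES][32];
};

enum cleanup_result { NOT_CACHED, ENTRY_DELETED, ALIAS_DROPPED };

/* Steps 2-4: run only after the LDAP search for query got no reply. */
enum cleanup_result cleanup_after_ldap_miss(struct cached_user *cache,
                                            size_t n, const char *query)
{
    if (query[0] == '\0')               /* "" would match cleared slots */
        return NOT_CACHED;
    for (size_t i = 0; i < n; i++)      /* primary-name match: delete entry */
        if (strcmp(cache[i].name, query) == 0) {
            memset(&cache[i], 0, sizeof(cache[i]));
            return ENTRY_DELETED;
        }
    for (size_t i = 0; i < n; i++)      /* alias match: drop that alias only */
        for (size_t a = 0; a < MAX_ALIASES; a++)
            if (strcmp(cache[i].aliases[a], query) == 0) {
                cache[i].aliases[a][0] = '\0';
                return ALIAS_DROPPED;
            }
    return NOT_CACHED;
}

/* Returns 1 if the cache still resolves query by primary name or alias. */
int cache_resolves(const struct cached_user *cache, size_t n, const char *query)
{
    for (size_t i = 0; query[0] != '\0' && i < n; i++) {
        if (strcmp(cache[i].name, query) == 0)
            return 1;
        for (size_t a = 0; a < MAX_ALIASES; a++)
            if (strcmp(cache[i].aliases[a], query) == 0)
                return 1;
    }
    return 0;
}
```

The name pass runs over the whole cache before the alias pass, so a query that is one user's primary name and another user's alias deletes the entry rather than the alias.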
type: defect => task
proposed_priority: => Nice to have
Cleaning the 1.10 milestones before putting tickets into it.
milestone: SSSD 1.10.0 => Temp milestone
Moving planned features and bug fixes into the 1.10 bucket.
milestone: Temp milestone => SSSD 1.10.0
Moving all the features planned for 1.10 release into 1.10 beta.
milestone: Temp milestone => SSSD 1.10 beta
priority: major => minor
selected: => Not need
Moving tickets that are not a priority for SSSD 1.10 into the next release.
milestone: SSSD 1.10 beta => SSSD 1.11 beta
design_review: => 0
milestone: SSSD 1.13 beta => Interim Bucket
priority: minor => major
review: => 0
milestone: Interim Bucket => SSSD 1.12 beta
Should be done together with the rest of the sysdb refactor Michal is working on.
milestone: SSSD 1.12 beta => SSSD 1.13 beta
mark: => 0
owner: somebody => preichl
Nice to do together with sysdb refactoring but not strictly needed.
Should be done together with #2011
milestone: SSSD 1.13 beta => SSSD 1.14 beta
We have more urgent tasks on our plate, and either way, we need to change the sysdb format first.
milestone: SSSD 1.14 beta => SSSD 1.15 beta
sensitive: => 0
Metadata Update from @jzeleny:
- Issue assigned to preichl
- Issue set to the milestone: SSSD Future releases (no date set yet)