https://bugzilla.redhat.com/show_bug.cgi?id=871843 (Red Hat Enterprise Linux 6)
Description of problem:
Nested groups not retrieved appropriately from cache

Version-Release number of selected component (if applicable):
sssd-1.9.2-4.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create a nested group structure in AD as follows:

    tuser1_top_grp1
        |
    tuser1_mid_grp1
        |
    tuser1

2. Configure sssd to lookup users and groups via ldap provider:
The domain section that I used:

    [domain/ADTEST]
    debug_level = 0xFFF0
    id_provider = ldap
    ldap_schema = ad
    ldap_uri = ldap://adserver
    ldap_default_bind_dn = cn=Administrator,cn=Users,dc=sssdad,dc=com
    ldap_default_authtok = xxxxxx
    ldap_search_base = dc=sssdad,dc=com
    ldap_force_upper_case_realm = True
    ldap_referrals = false

3. Issue1: Lookup tuser1 in the following sequence:

    # service sssd stop;rm -f /var/lib/sss/db/* /var/lib/sss/mc/*;service sssd start
    Stopping sssd: [ OK ]
    Starting sssd: [ OK ]
    # getent group tuser1_mid_grp1
    tuser1_mid_grp1:*:10004:tuser1
    # getent group tuser1_top_grp1
    tuser1_top_grp1:*:10003:tuser1
    # id tuser1
    uid=10004(tuser1) gid=10004(tuser1_mid_grp1) groups=10004(tuser1_mid_grp1)   <== Doesn't show tuser1_top_grp1

Issue2:

    # service sssd stop;rm -f /var/lib/sss/db/* /var/lib/sss/mc/*;service sssd start
    Stopping sssd: [ OK ]
    Starting sssd: [ OK ]
    # getent group tuser1_top_grp1
    tuser1_top_grp1:*:10003:tuser1
    # getent group tuser1_mid_grp1
    tuser1_mid_grp1:*:10004:tuser1,tuser1   <== tuser1 is seen twice

Actual results:

Expected results:
a. for Issue1:

    # id tuser1
    uid=10004(tuser1) gid=10004(tuser1_mid_grp1) groups=10004(tuser1_mid_grp1),10003(tuser1_top_grp1)

b. for Issue2:

    # getent group tuser1_mid_grp1
    tuser1_mid_grp1:*:10004:tuser1

Additional info:
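A check for the two symptoms in the report above, as an added example that is not part of the original report or of SSSD's code. It parses `id` and `getent group` output; the function names and the `check_nested` wrapper are assumptions of this example, and the two sample lines are copied from the report's terminal output.

```sh
#!/bin/sh
# Added example (not SSSD code): detect the two symptoms from this report.

# Print every member name listed more than once in one `getent group` line
# (format name:passwd:gid:member1,member2,...). Issue2 shows up as "tuser1".
dup_members() {
    printf '%s\n' "$1" | awk -F: '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
            if (m[i] != "" && ++seen[m[i]] == 2) print m[i]
    }'
}

# Return 0 if the groups= list of an `id` output line ($1) names group $2.
# Issue1 shows up as a nested parent group missing from that list.
id_has_group() {
    case "${1##*groups=}" in
        *"($2)"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live check: check_nested USER GROUP... ; returns non-zero on either symptom.
check_nested() {
    user=$1; shift; rc=0
    id_line=$(id "$user") || return 2
    for grp in "$@"; do
        id_has_group "$id_line" "$grp" ||
            { echo "MISSING: $user not in $grp per id"; rc=1; }
        dups=$(dup_members "$(getent group "$grp")")
        [ -z "$dups" ] || { echo "DUPLICATE in $grp: $dups"; rc=1; }
    done
    return $rc
}

# Lines copied from the report's terminal output, used as offline samples.
ISSUE1_ID='uid=10004(tuser1) gid=10004(tuser1_mid_grp1) groups=10004(tuser1_mid_grp1)'
ISSUE2_GRP='tuser1_mid_grp1:*:10004:tuser1,tuser1'

# With arguments, run against the live system; without, only define functions.
if [ $# -gt 0 ]; then check_nested "$@"; fi
```

Because both symptoms depend on lookup order, run it once after each of the two cache-clearing sequences in the report, for example with arguments `tuser1 tuser1_mid_grp1 tuser1_top_grp1`.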
Fields changed
blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.9.3
testsupdated: => 0
This is caused by the ghost users being propagated in the nested groups. The memberof plugin then converts all the ghost users into "member:" attributes which is wrong and causes breakage later.
owner: somebody => jhrozek
status: new => assigned
patch: 0 => 1
Fixed in master:
- 9dd91ef
- b22f24e

and sssd-1-9:
- 9dd91ef
- b22f24e

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2654
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.