#1672 Error in PAC responder
Closed: Fixed None Opened 6 years ago by simo.

I sometimes see this error in the PAC responder; this is with the latest master and a FreeIPA trust.

(Fri Nov 23 23:00:48 2012) [sssd[pac]] [accept_fd_handler] (0x0400): Client connected!
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [responder_get_domain] (0x0040): Unknown domain [AD2012], checking for possible subdomains!
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [sss_dp_issue_request] (0x0400): Issuing request for [0x41c180:domains@domain.ipa]
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [domain.ipa][forced][AD2012]
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [sbus_add_timeout] (0x2000): 0x94a110
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [sss_dp_internal_get_send] (0x0400): Entering request [0x41c180:domains@domain.ipa]
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [sbus_remove_timeout] (0x2000): 0x94a110
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [process_subdomains] (0x0200): Adding subdomain [ad2012.domain.ad] to the domain [domain.ipa]!
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [process_subdomains] (0x1000): Adding flat name [IPA] to domain [domain.ipa].
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [Attribute or value exists]
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [sysdb_mod_group_member] (0x0400): Error: 14 (Bad address)
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [pac_store_membership] (0x0040): sysdb_mod_group_member failed.
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x41c180:domains@domain.ipa]
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [client_recv] (0x0200): Client disconnected!
(Fri Nov 23 23:00:48 2012) [sssd[pac]] [client_destructor] (0x2000): Terminated client [0x946610][19]

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.4

Fields changed

owner: somebody => sbose
status: new => assigned

This issue is triggered if there are duplicated group SIDs in the PAC. Currently the PAC responder tries to add the related group memberships multiple times.

To reproduce it in an IPA domain with trust, you can add the SID of the AD user and the SIDs of AD groups the AD user belongs to to the same external IPA group, and add it to an IPA POSIX group.
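
The failure mode described in the comment above, as an added example that is not the SSSD patch or code from the ticket: a store that rejects an already-present member (as LDB does with "Attribute or value exists") fails on the second add of a repeated SID, and de-duplicating the SID list first avoids it. The names member_store, store_add_member, dedup_group_sids and store_pac_memberships are hypothetical, and the cache is modelled as a flat list of SID strings.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MEMBERS 16

/* Stand-in for one cached membership list (hypothetical, not sysdb). */
struct member_store { const char *sids[MAX_MEMBERS]; size_t n; };

/* Refuses a value that is already present, as LDB does for a duplicate add. */
int store_add_member(struct member_store *st, const char *sid)
{
    for (size_t i = 0; i < st->n; i++)
        if (strcmp(st->sids[i], sid) == 0) return EEXIST;
    if (st->n == MAX_MEMBERS) return ENOSPC;
    st->sids[st->n++] = sid;
    return 0;
}

/* qsort comparator over an array of SID strings. */
static int sid_cmp(const void *a, const void *b)
{
    return strcmp(*(const char *const *)a, *(const char *const *)b);
}

/* Sorts sids[] in place and compacts it so each SID appears once;
 * returns the new element count. */
size_t dedup_group_sids(const char **sids, size_t count)
{
    size_t out = 0;
    if (sids == NULL || count == 0) return 0;
    qsort(sids, count, sizeof(*sids), sid_cmp);
    for (size_t i = 0; i < count; i++)
        if (out == 0 || strcmp(sids[out - 1], sids[i]) != 0)
            sids[out++] = sids[i];
    return out;
}

/* Adds every SID as a member; returns how many adds failed.
 * With dedup != 0 the list is de-duplicated before any add is attempted. */
int store_pac_memberships(struct member_store *st, const char **sids,
                          size_t count, int dedup)
{
    int failed = 0;
    if (dedup) count = dedup_group_sids(sids, count);
    for (size_t i = 0; i < count; i++)
        if (store_add_member(st, sids[i]) != 0) failed++;
    return failed;
}
```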

patch: 0 => 1

The ticket was fixed in the same patchset as ticket #1666. The patches were:

resolution: => fixed
selected: =>
status: assigned => closed

Metadata Update from @simo:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.4

2 years ago
