#1760 Failover to ldap_chpass_backup_uri doesn't work
Closed: Fixed None Opened 7 years ago by jhrozek.

https://bugzilla.redhat.com/show_bug.cgi?id=894738 (Red Hat Enterprise Linux 6)

Description of problem:
Failover to ldap_chpass_backup_uri doesn't work

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Domain section in sssd.conf:
ldap_search_base = dc=example,dc=com
id_provider = ldap
ldap_uri = ldap://ldapsrv.example.com
ldap_chpass_uri = ldap://invalidsrv.example.com
ldap_chpass_backup_uri = ldap://ldapsrv.example.com

2. Try to change the password of a user:

# ssh -l puser1 localhost
puser1@localhost's password:
Last login: Fri Jan 11 20:49:34 2013 from localhost
-sh-4.1$ passwd
Changing password for user puser1.
Current Password:
System is offline, password change not possible
passwd: Authentication token manipulation error

Actual results:
Password change fails. Looks like failover to ldap_chpass_backup_uri doesn't

Logs show:
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [fo_resolve_service_done] (0x0020):
Failed to resolve server 'invalidsrv.example.com': Domain name not found
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [set_server_common_status]
(0x0100): Marking server 'invalidsrv.example.com' as 'not working'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_resolve_server_process]
(0x0080): Couldn't resolve server (invalidsrv.example.com), resolver returned
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_resolve_server_process]
(0x1000): Trying with the next one!
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'LDAP_CHPASS'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [get_server_status] (0x1000):
Status of server 'invalidsrv.example.com' is 'not working'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [get_server_status] (0x1000):
Status of server 'invalidsrv.example.com' is 'not working'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0020):
No available servers for service 'LDAP_CHPASS'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_resolve_server_done] (0x1000):
Server resolution failed: 5
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_mark_offline] (0x2000): Going

Expected results:
Failover to ldap_chpass_backup_uri should work.

Additional info:

Pavel, please take a look.

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => pbrezina
selected: =>
testsupdated: => 0

Yeah, it doesn't work. We don't use that option anywhere. I'll prepare a fix.

Fields changed

patch: 0 => 1

milestone: NEEDS_TRIAGE => SSSD 1.9.4
resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.4

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2802

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.