#1760 Failover to ldap_chpass_backup_uri doesn't work
Closed: Fixed. Opened 6 years ago by jhrozek.

https://bugzilla.redhat.com/show_bug.cgi?id=894738 (Red Hat Enterprise Linux 6)

Description of problem:
Failover to ldap_chpass_backup_uri doesn't work

Version-Release number of selected component (if applicable):
1.9.2-68

How reproducible:
Always

Steps to Reproduce:
1. Domain section in sssd.conf:
ldap_search_base = dc=example,dc=com
id_provider = ldap
ldap_uri = ldap://ldapsrv.example.com
ldap_chpass_uri = ldap://invalidsrv.example.com
ldap_chpass_backup_uri = ldap://ldapsrv.example.com

2. Try to change the password of a user:

# ssh -l puser1 localhost
puser1@localhost's password:
Last login: Fri Jan 11 20:49:34 2013 from localhost
-sh-4.1$ passwd
Changing password for user puser1.
Current Password:
System is offline, password change not possible
passwd: Authentication token manipulation error
-sh-4.1$


Actual results:
Password change fails. Looks like failover to ldap_chpass_backup_uri doesn't
happen.

Logs show:
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [fo_resolve_service_done] (0x0020):
Failed to resolve server 'invalidsrv.example.com': Domain name not found
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [set_server_common_status]
(0x0100): Marking server 'invalidsrv.example.com' as 'not working'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_resolve_server_process]
(0x0080): Couldn't resolve server (invalidsrv.example.com), resolver returned
(11)
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_resolve_server_process]
(0x1000): Trying with the next one!
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'LDAP_CHPASS'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [get_server_status] (0x1000):
Status of server 'invalidsrv.example.com' is 'not working'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [get_server_status] (0x1000):
Status of server 'invalidsrv.example.com' is 'not working'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0020):
No available servers for service 'LDAP_CHPASS'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_resolve_server_done] (0x1000):
Server resolution failed: 5
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_mark_offline] (0x2000): Going
offline!

Expected results:
Failover to ldap_chpass_backup_uri should work.

Additional info:

Pavel, please take a look.

owner: somebody => pbrezina

Yeah, it doesn't work. We don't use that option anywhere. I'll prepare a fix.

Fields changed

patch: 0 => 1

milestone: NEEDS_TRIAGE => SSSD 1.9.4
resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.4

2 years ago
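
The diagnosis in this ticket (the primary password-change server is marked 'not working', the LDAP_CHPASS service runs out of servers, and the host from ldap_chpass_backup_uri is never tried) can be checked mechanically against an sssd backend log. The script below is an added example, not part of the original ticket or of SSSD; the function names `unwrap` and `summarize` are hypothetical, the sample is abridged from the log excerpt above, and the caller supplies the backup host names taken from sssd.conf.

```python
import re

# Constructed input: lines copied from this ticket's log excerpt (abridged), still hard-wrapped.
SAMPLE_LOG = """\
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [fo_resolve_service_done] (0x0020):
Failed to resolve server 'invalidsrv.example.com': Domain name not found
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [set_server_common_status]
(0x0100): Marking server 'invalidsrv.example.com' as 'not working'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0020):
No available servers for service 'LDAP_CHPASS'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_mark_offline] (0x2000): Going
offline!
"""

TS = r"\([A-Z][a-z]{2} [A-Z][a-z]{2} +\d+ [\d:]+ \d{4}\)"
ENTRY = re.compile(TS + r" \[sssd\[be\[[^\]]+\]\]\] \[(?P<func>\w+)\]"
                        r" \(0x[0-9a-f]+\): (?P<msg>.*)")

def unwrap(text):
    """Rejoin hard-wrapped entries; only a timestamp starts a new entry."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.match(TS, line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # "(0x0100): ..." or "(11)" continue the entry
    return entries

def summarize(text, backup_hosts):
    """Servers marked failed, services left with no server, untried backups."""
    out = {"not_working": set(), "exhausted": set(), "offline": False}
    tokens = set()  # every host-like token named in any message
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        msg = m.group("msg")
        tokens.update(t.strip(".") for t in re.findall(r"[\w.-]+", msg))
        out["not_working"].update(
            re.findall(r"Marking server '([^']+)' as 'not working'", msg))
        out["exhausted"].update(
            re.findall(r"No available servers for service '([^']+)'", msg))
        out["offline"] = out["offline"] or m.group("func") == "be_mark_offline"
    # A backup host that no message ever names was never tried by failover.
    out["untried_backups"] = [h for h in backup_hosts if h not in tokens]
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, ["ldapsrv.example.com"]))
```

A non-empty `untried_backups` together with a non-empty `exhausted` set is the signature reported here: the service gave up without ever resolving the configured backup.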
