Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1109188
Description of problem:
Unable to lookup groups with dereferencing control enabled on openldap server

Version-Release number of selected component (if applicable):
sssd-1.11.6-1.el6

How reproducible:
Always

Steps to Reproduce:
1. ldapsearch against the openldap server returns:

    # ldapsearch -x -LLL -h <ldapserver> -b 'dc=example,dc=com' -D "cn=Manager,dc=example,dc=com" -w XXXXX -E 'deref=member:uid' cn=ref_grp1
    dn: cn=ref_grp1,ou=qagroup,dc=example,dc=com
    # member: <uid=drefuser1>;uid=drefuser1,dc=example,dc=com
    # member: <uid=drefuser2>;uid=drefuser2,dc=example,dc=com
    # member: <uid=drefuser3>;uid=drefuser3,dc=example,dc=com
    # member: <uid=drefuser4>;uid=drefuser4,dc=example,dc=com
    # member: <uid=drefuser5>;uid=drefuser5,dc=example,dc=com
    # member: <uid=drefuser6>;uid=drefuser6,dc=example,dc=com
    # member: <uid=drefuser7>;uid=drefuser7,dc=example,dc=com
    # member: <uid=drefuser8>;uid=drefuser8,dc=example,dc=com
    # member: <uid=drefuser9>;uid=drefuser9,dc=example,dc=com
    # member: <uid=drefuser10>;uid=drefuser10,dc=example,dc=com
    # member: <uid=drefuser11>;uid=drefuser11,dc=example,dc=com
    # member: <uid=drefuser12>;uid=drefuser12,dc=example,dc=com
    objectClass: extensibleObject
    objectClass: groupOfNames
    gidNumber: 10001
    cn: ref_grp1
    member: uid=drefuser1,dc=example,dc=com
    member: uid=drefuser2,dc=example,dc=com
    member: uid=drefuser3,dc=example,dc=com
    member: uid=drefuser4,dc=example,dc=com
    member: uid=drefuser5,dc=example,dc=com
    member: uid=drefuser6,dc=example,dc=com
    member: uid=drefuser7,dc=example,dc=com
    member: uid=drefuser8,dc=example,dc=com
    member: uid=drefuser9,dc=example,dc=com
    member: uid=drefuser10,dc=example,dc=com
    member: uid=drefuser11,dc=example,dc=com
    member: uid=drefuser12,dc=example,dc=com

2. Configure sssd.conf with the following in domain section:

    [domain/LDAP]
    id_provider = ldap
    auth_provider = ldap
    enumerate = FALSE
    debug_level = 0xFFF0
    ldap_uri = ldap://<ldapserver>
    ldap_search_base = dc=example,dc=com
    ldap_schema = rfc2307bis
    ldap_group_object_class = groupOfNames

3. Lookup group ref_grp1

    # getent group ref_grp1; echo $?
    2

Actual results:
Lookup via sssd fails. Domain log shows:

    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_get_generic_ext_done] (0x0400): Search result: Protocol error(2), Dereference control: attribute decoding error
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Protocol error(2), Dereference control: attribute decoding error
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_x_deref_search_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/output error
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_deref_search_done] (0x0040): dereference processing failed [5]: Input/output error
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_nested_group_deref_direct_done] (0x0020): Error processing direct membership [5]: Input/output error
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_nested_done] (0x0020): Nested group processing failed: [5][Input/output error]
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_id_op_done] (0x4000): too many communication failures, giving up...
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_id_op_done] (0x4000): releasing operation connection
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_id_release_conn_data] (0x4000): releasing unused connection
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_handle_release] (0x2000): Trace: sh[0x1025ae0], connected[1], ops[(nil)], ldap[0x1010a50], destructor_lock[0], release_memory[0]
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [remove_connection_callback] (0x4000): Successfully removed connection callback.
    (Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,5,Group lookup failed

Expected results:
Group lookup should work

Additional info:
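A log triage sketch for the failure chain in the domain log above, added here as an example and not part of the original ticket or of SSSD: it parses the backend debug line layout shown in the report and flags requests that end in a failed lookup after a dereference-control protocol error. The function names, the OTHER domain and the last sample line are constructed for illustration.

```python
import re

# An SSSD backend debug line, in the layout shown in the report:
# (timestamp) [sssd[be[DOMAIN]]] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)

# The first five lines are copied from the report; the last one is constructed
# (a healthy request in a hypothetical second domain named OTHER).
SAMPLE_LOG = """\
(Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_get_generic_ext_done] (0x0400): Search result: Protocol error(2), Dereference control: attribute decoding error
(Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Protocol error(2), Dereference control: attribute decoding error
(Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_deref_search_done] (0x0040): dereference processing failed [5]: Input/output error
(Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [sdap_nested_done] (0x0020): Nested group processing failed: [5][Input/output error]
(Fri Jun 13 08:18:53 2014) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,5,Group lookup failed
(Fri Jun 13 08:19:02 2014) [sssd[be[OTHER]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
"""

def parse(text):
    """Yield one dict per well-formed backend log line, skipping anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_deref_failures(text):
    """Report lookups that failed after a dereference-control protocol error."""
    pending = {}   # domain -> timestamp of the first deref decoding error
    findings = []
    for rec in parse(text):
        dom, msg = rec["domain"], rec["msg"]
        if (rec["func"] == "sdap_get_generic_ext_done"
                and "Protocol error" in msg and "Dereference control" in msg):
            pending.setdefault(dom, rec["ts"])
        elif rec["func"] == "acctinfo_callback":
            # acctinfo_callback marks the request as processed; it is a finding
            # only when a deref error was seen earlier in the same domain.
            first = pending.pop(dom, None)
            if first and "lookup failed" in msg:
                findings.append({"domain": dom, "first_error": first, "result": msg})
    return findings

if __name__ == "__main__":
    for finding in find_deref_failures(SAMPLE_LOG):
        print(finding)
```

On a host that matches, sssd-ldap(5) documents `ldap_deref_threshold`; setting it to 0 in the domain section turns dereference lookups off.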
Fields changed
blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => lslebodn
review: True => 0
selected: =>
status: new => assigned
testsupdated: => 0
patch: 0 => 1
resolution: => fixed
status: assigned => closed
Metadata Update from @dpal:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.11.7
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3425
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.