#2389 Problems with tokengroups and ldap_group_search_base
Closed: Fixed None Opened 6 years ago by prefect.

When I enable ldap_group_search_base to restrict to a subset of all groups with tokengroups enabled, it breaks spectacularly. Disable tokengroups, and it works or disable ldap_group_search_base and it works.

# service sssd stop;rm -f /var/lib/sss/{db,mc}/* /var/log/sssd/*;sleep 3;service sssd start;sleep 3;id user;id user;service sssd stop
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service
uid=12345(user) gid=513(Domain Users) groups=513(Domain Users)
id: user: no such user

Log includes:

[sdap_get_initgr_done] (0x4000): Initgroups done
[sdap_get_initgr_done] (0x4000): Error in initgroups: [2][No such file or directory]

Tested on git/master dfef1d0

Pavel, IIRC you were working with John on the ticket. If your queue is too full, feel free to assign back to the "somebody" user.

owner: somebody => pbrezina

Fields changed

patch: 0 => 1

I can confirm that this fixes the reported issue.

Thank you very much for reporting the issue and testing the fix.

Cloning against RHEL-6 and RHEL-7..

resolution: => fixed
status: new => closed

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.7

Metadata Update from @prefect:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.11.7

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3431

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.