Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1155283
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem: supplemental group resolution fails with sssd 1.11.6-30.el6 Version-Release number of selected component (if applicable): sssd 1.11.6-30.el6 How reproducible: 100% Additional info: In 6.6, we switched to using TokenGroups to resolve even POSIX groups for performance reasons. In 6.5 and earlier, we only used TokenGroups if ID mapping was in use, not POSIX attributes. But we fail the initgroups operation for one reason or another. Workaround can be used as. ldap_use_tokengroups = False
This problem is fixed by commit f834f71 (master), which was created as a solution of ticket #2361.
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 review: True => 0 selected: => testsupdated: => 0
Fields changed
owner: somebody => lslebodn
summary: supplemental group resolution fails with sssd 1.11.6-30.el6 => supplemental group resolution fails with sssd 1.11.6-30.el6 with id_provider=ldap connected to AD
We just need to push f834f71 into sssd-1-11
milestone: NEEDS_TRIAGE => SSSD 1.11.8
resolution: => fixed status: new => closed
Apologies if this is the wrong place, but even after the latest sssd release on RHEL6 (sssd-1.11.6-30.el6_6.3.x86_64) I'm still getting intermittent problems with users having no supplemental groups. I have a case open with Red Hat Support, but I'm not getting very far, partly because it's so intermittent.
Is there anything else I can do to get this investigated further? Where is the right place to discuss this?
Replying to [comment:7 jberanek]:
Apologies if this is the wrong place, but even after the latest sssd release on RHEL6 (sssd-1.11.6-30.el6_6.3.x86_64) I'm still getting intermittent problems with users having no supplemental groups. I have a case open with Red Hat Support, but I'm not getting very far, partly because it's so intermittent. I'm sorry to hear that. The patch from this ticket was reverted in upstream because it caused regressions with dereferencing attributes from OpenLDAP server. Is there anything else I can do to get this investigated further? Where is the right place to discuss this?
I'm sorry to hear that. The patch from this ticket was reverted in upstream because it caused regressions with dereferencing attributes from OpenLDAP server.
But there is another patch in rhel6.6 which shoudl fix this problem as well #2483 (it fixes problem with Active Directory and ldap provider)
You can get faster response from upstream if you send mail to sssd-users mailing list.
cc: => john@redux.org.uk
Replying to [comment:6 jhrozek]:
master: f834f71 sssd-1-11: 29e5b5d
Previous patches were reverted by:
resolution: fixed => status: closed => reopened
The comment 10 says that patches were reverted, but bug was fixed in different ticket #2483.
Therefore changing state from closed:fixed to closed:duplicate
resolution: => duplicate status: reopened => closed
Metadata Update from @jhrozek: - Issue assigned to lslebodn - Issue set to the milestone: SSSD 1.11.8
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3514
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.