#2475 Wrong results returned with enumeration
Closed: Fixed None Opened 5 years ago by lslebodn.

Version:

[root@host sssd]# rpm -q sssd
sssd-1.12.3-0.20141022.2245.gitb1593da.master.el6.x86_64

LDIF:

[root@host sssd]# ldapsearch -h $SERVER -x -b ou=Groups,dc=example,dc=com -LLL
dn: ou=Groups,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: cn=group10000,ou=Groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 10000
cn: group10000
memberUid: user10000
memberUid: user10001

dn: cn=user10000,ou=Groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 10001
cn: user10000

dn: cn=user10001,ou=Groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 10002
cn: user10001

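Reproducer (per the LDIF above, gidNumber 10001 and 10002 belong to the groups user10000 and user10001, but both are returned under the name group10000):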

[root@host sssd]# getent -s sss group
group10000:*:10000:user10000,user10001
group10000:*:10001:
group10000:*:10002:

sssd.conf:

# Reproducer configuration from the ticket: a single LDAP domain with
# enumeration enabled and the cache timeouts set to 0. These are test
# settings for triggering the bug, not a recommended production setup.
[sssd]
config_file_version = 2
# Enables the [domain/LDAP] section defined further down.
domains             = LDAP
services            = nss, pam
# Maximum-verbosity debug mask, repeated in every section below.
# NOTE(review): logs at this level can contain directory data; keep them
# access-restricted and lower the level once the issue is reproduced.
debug_level         = 0xFFFF

[nss]
debug_level         = 0xFFFF
# Both timeouts are 0, presumably so the NSS responder does not answer from
# its own caches and each getent call reflects what the provider stored --
# confirm the exact semantics in sssd.conf(5) for this version.
memcache_timeout    = 0
enum_cache_timeout  = 0

[pam]
debug_level         = 0xFFFF

[domain/LDAP]
id_provider         = ldap
auth_provider       = ldap
debug_level         = 0xFFFF
# ldaps:// URI together with an explicit CA certificate file for the
# connection to the directory server.
ldap_uri            = ldaps://ldap.example.com
ldap_tls_cacert     = /etc/openldap/certs/cacert.asc
ldap_search_base    = dc=example,dc=com


# Enumeration is the feature named in the ticket title; "getent -s sss group"
# without a key relies on it to list every group in the domain.
enumerate                           = true
entry_cache_timeout                 = 0
# NOTE(review): entry_negative_timeout is documented among the [nss] options
# in sssd.conf(5); confirm it has any effect inside a domain section.
entry_negative_timeout              = 0
# rfc2307 schema: group members are listed by name in memberUid, which matches
# the posixGroup entries shown in the ticket's LDIF.
ldap_schema                         = rfc2307
ldap_group_object_class             = posixGroup
# Value is in seconds.
ldap_enumeration_refresh_timeout    = 300
ignore_group_members                = false

Fields changed

owner: somebody => sbose
status: new => assigned

Fields changed

patch: 0 => 1

milestone: NEEDS_TRIAGE => SSSD 1.12.3
resolution: => fixed
status: assigned => closed

Metadata Update from @lslebodn:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.12.3

2 years ago
