Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1162480
Description of problem: Group lookup fails with "Dereference control: attribute decoding error" failure against openldap server Version-Release number of selected component (if applicable): sssd-1.12.2-10.el7 How reproducible: Always Steps to Reproduce: 1. Openldap server (openldap-servers-2.4.39-8.el6) has a group ref_grp1 with 12 members. 2. Setup sssd with the following in domain section: [domain/LDAP] debug_level = 0xFFF0 id_provider = ldap ldap_uri = ldap://<ldapserver> ldap_search_base = dc=example,dc=com ldap_schema = rfc2307bis ldap_group_object_class = groupOfNames 3. # getent group ref_grp1 ; echo $? 2 Actual results: Group lookup via sssd fails. Domain log shows: (Tue Nov 11 01:54:19 2014) [sssd[be[LDAP]]] [sdap_get_generic_op_finished] (0x0400): Search result: Protocol error(2), Dereference control: attribute decoding error (Tue Nov 11 01:54:19 2014) [sssd[be[LDAP]]] [sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap: Protocol error(2), Dereference control: attribute decoding error (Tue Nov 11 01:54:19 2014) [sssd[be[LDAP]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [5]: Input/output error (Tue Nov 11 01:54:19 2014) [sssd[be[LDAP]]] [sdap_deref_search_done] (0x0040): dereference processing failed [5]: Input/output error (Tue Nov 11 01:54:19 2014) [sssd[be[LDAP]]] [sdap_nested_group_deref_direct_done] (0x0020): Error processing direct membership [5]: Input/output error (Tue Nov 11 01:54:19 2014) [sssd[be[LDAP]]] [sdap_nested_done] (0x0020): Nested group processing failed: [5][Input/output error] (Tue Nov 11 01:54:19 2014) [sssd[be[LDAP]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server (Tue Nov 11 01:54:19 2014) [sssd[be[LDAP]]] [sdap_id_op_done] (0x4000): too many communication failures, giving up... Expected results: Group lookup should work fine as the issue was fixed in bug 1109188 Additional info: ldapsearch works fine from the client: # ldapsearch -x -LLL -h <ldapserver> -b 'dc=example,dc=com' -E '!deref=member:cn,uid' cn=ref_grp1 dn: cn=ref_grp1,ou=qagroup,dc=example,dc=com # member: <cn=Dref_User1>;<uid=drefuser1>;uid=drefuser1,dc=example,dc=com # member: <cn=Dref_User2>;<uid=drefuser2>;uid=drefuser2,dc=example,dc=com # member: <cn=Dref_User3>;<uid=drefuser3>;uid=drefuser3,dc=example,dc=com # member: <cn=Dref_User4>;<uid=drefuser4>;uid=drefuser4,dc=example,dc=com # member: <cn=Dref_User5>;<uid=drefuser5>;uid=drefuser5,dc=example,dc=com # member: <cn=Dref_User6>;<uid=drefuser6>;uid=drefuser6,dc=example,dc=com # member: <cn=Dref_User7>;<uid=drefuser7>;uid=drefuser7,dc=example,dc=com # member: <cn=Dref_User8>;<uid=drefuser8>;uid=drefuser8,dc=example,dc=com # member: <cn=Dref_User9>;<uid=drefuser9>;uid=drefuser9,dc=example,dc=com # member: <cn=Dref_User10>;<uid=drefuser10>;uid=drefuser10,dc=example,dc=com # member: <cn=Dref_User11>;<uid=drefuser11>;uid=drefuser11,dc=example,dc=com # member: <cn=Dref_User12>;<uid=drefuser12>;uid=drefuser12,dc=example,dc=com objectClass: extensibleObject objectClass: groupOfNames gidNumber: 10001 cn: ref_grp1 member: uid=drefuser1,dc=example,dc=com member: uid=drefuser2,dc=example,dc=com member: uid=drefuser3,dc=example,dc=com member: uid=drefuser4,dc=example,dc=com member: uid=drefuser5,dc=example,dc=com member: uid=drefuser6,dc=example,dc=com member: uid=drefuser7,dc=example,dc=com member: uid=drefuser8,dc=example,dc=com member: uid=drefuser9,dc=example,dc=com member: uid=drefuser10,dc=example,dc=com member: uid=drefuser11,dc=example,dc=com member: uid=drefuser12,dc=example,dc=com
master: 30c964a
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 owner: somebody => sbose review: True => 0 selected: => testsupdated: => 0
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.12.3 resolution: => fixed status: new => closed
Metadata Update from @jhrozek: - Issue assigned to sbose - Issue set to the milestone: SSSD 1.12.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3532
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.