#2514 gid is overridden by uid in default trust view
Closed: Fixed None Opened 4 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1168904

Description of problem:
On client gid is overidden with the uid set for the user in default trust view

Version-Release number of selected component (if applicable):
ipa-server-4.1.0-10.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Add trust
2. Add only a uid value for a AD user
3. Clear sssd cache and check user with id command on both server and client.
GID on client is same as the UID

4. Add gidnumber to the same user
5. Clear cache and check user with id command

Actual results:

On Server

[root@ibm-x3620m3-01 ~]# ipa idoverrideuser-add 'Default Trust View'
aduser1@adtest.qe --uid 5555
------------------------------------------
Added User ID override "aduser1@adtest.qe"
------------------------------------------
  Anchor to override: aduser1@adtest.qe
  UID: 5555

[root@ibm-x3620m3-01 ~]# service sssd stop ; rm -fr /var/lib/sss/{mc,db}/* ;
service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@ibm-x3620m3-01 ~]# id aduser1@adtest.qe
uid=5555(aduser1@adtest.qe) gid=1148401313(aduser1@adtest.qe) groups=1148401313
(aduser1@adtest.qe),1148402424(adunigroup1@adtest.qe),1148401449(adgroup1@adtes
t.qe),1148402425(adgroup2@adtest.qe),1148400513(domain
users@adtest.qe),1119800008(adgrp)

On Client

[root@gizmo ~]# id aduser1@adtest.qe
uid=5555(aduser1@adtest.qe) gid=5555(aduser1@adtest.qe)
groups=5555(aduser1@adtest.qe),1148400513(domain users@adtest.qe),1148402424,11
48401449,1148402425(adgroup2@adtest.qe),1119800008(adgrp)

-------------------------------------------------

On Server

[root@ibm-x3620m3-01 ~]# ipa idoverrideuser-mod 'Default Trust View'
aduser1@adtest.qe --gidnumber 6666
------------------------------------------------
Modified an User ID override "aduser1@adtest.qe"
------------------------------------------------
  Anchor to override: aduser1@adtest.qe
  UID: 5555
  GID: 6666
[root@ibm-x3620m3-01 ~]# service sssd stop ; rm -fr /var/lib/sss/{mc,db}/* ;
service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@ibm-x3620m3-01 ~]# id aduser1@adtest.qe
uid=5555(aduser1@adtest.qe) gid=6666(aduser1@adtest.qe) groups=6666(aduser1@adt
est.qe),1148402424(adunigroup1@adtest.qe),1148401449(adgroup1@adtest.qe),114840
2425(adgroup2@adtest.qe),1148400513(domain users@adtest.qe),1119800008(adgrp)

On Client

[root@gizmo ~]# service sssd stop ; rm -fr /var/lib/sss/{mc,db}/* ; service
sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@gizmo ~]# id aduser1@adtest.qe
id: aduser1@adtest.qe: no such user

[root@gizmo ~]# id aduser1@adtest.qe
uid=5555(aduser1@adtest.qe) gid=5555(aduser1@adtest.qe)
groups=5555(aduser1@adtest.qe)

[root@gizmo ~]# id aduser1@adtest.qe
uid=5555(aduser1@adtest.qe) gid=5555(aduser1@adtest.qe)
groups=5555(aduser1@adtest.qe)

[root@gizmo ~]# service sssd stop ; rm -fr /var/lib/sss/{mc,db}/* ; service
sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@gizmo ~]# id aduser1@adtest.qe
id: aduser1@adtest.qe: no such user

[root@gizmo ~]# id aduser1@adtest.qe
uid=5555(aduser1@adtest.qe) gid=5555(aduser1@adtest.qe)
groups=5555(aduser1@adtest.qe)


Expected results:


Additional info:

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
owner: somebody => sbose
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.3

Fields changed

patch: 0 => 1

master:
- b52b261
- 034dcab

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.12.3

2 years ago

Login to comment on this ticket.

Metadata