#2614 id lookup resolves "Domain Local" group and errors appear in domain log
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1207720

Description of problem:
id lookup resolves "Domain Local" group and errors appear in domain log.

Version-Release number of selected component (if applicable):
sssd-1.12.4-25.el6

How reproducible:
Always

Steps to Reproduce:
1. sssd.conf domain section has:
[domain/sssdad.com]
debug_level = 0x7480
id_provider = ad
access_provider = ad
ad_domain = sssdad.com
krb5_realm = SSSDAD.COM
cache_credentials = True
krb5_store_password_if_offline = True
use_fully_qualified_names = True

2. Add a group "kaugrp1" with group scope "Domain Local". The kau1 user is a
member of that group.

3. # id kau1@sssdad_tree.com
uid=295201603(kau1@sssdad_tree.com) gid=295201603(kau1@sssdad_tree.com) groups=295201603(kau1@sssdad_tree.com),295200513(domain users@sssdad_tree.com),295201604(kaugrp1@sssdad_tree.com)


Actual results:
kaugrp1 is shown as a group and the following error appears in the domain log:

(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x4000): AD group [kaugrp1@sssdad_tree.com] has type flags 0x80000004.
(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x0400): Filtering AD group [kaugrp1@sssdad_tree.com]
...
...
...
(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sysdb_set_entry_attr] (0x0080): ldb_modify failed: [Attribute or value exists](20)[attribute 'gidNumber': value #1 on 'name=kaugrp1@sssdad_tree.com,cn=groups,cn=sssdad_tree.com,cn=sysdb' provided more than once]
(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sysdb_store_group] (0x1000): sysdb_set_group_attr failed.
(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sysdb_store_group] (0x0400): Error: 17 (File exists)
(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x0080): Could not store group with GID: [File exists]
(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x0080): Failed to save group [kaugrp1@sssdad_tree.com]: [File exists]

Expected results:
Domain Local group should not be resolved.

Additional info:

Fields changed

design_review: => 0
mark: no => 0
milestone: NEEDS_TRIAGE => SSSD 1.12.5
owner: somebody => lslebodn
priority: major => critical
review: True => 0
testsupdated: => 0

Fields changed

patch: 0 => 1
status: new => assigned

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.12.5

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3655

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
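
Added example (not part of the original ticket and not SSSD code): a Python helper that decodes the groupType value logged by sdap_save_group and reports groups that were logged as filtered yet still reached a failing save, which is the pattern in the domain log excerpt in the description. The groupType bit values are the standard Active Directory ones; the function names and the examplegrp log entry are constructed for illustration.

```python
import re

# Active Directory groupType bits; only scope and security bits are decoded.
SCOPES = {0x2: "Global", 0x4: "Domain Local", 0x8: "Universal"}
SECURITY_ENABLED = 0x80000000

PFX = r"\[sdap_save_group\] \(0x[0-9a-f]+\): "
FLAGS_RE = re.compile(PFX + r"AD group \[([^\]]+)\] has type flags (0x[0-9a-fA-F]+)")
FILTER_RE = re.compile(PFX + r"Filtering AD group \[([^\]]+)\]")
FAIL_RE = re.compile(PFX + r"Failed to save group \[([^\]]+)\]")

# Constructed sample: the kaugrp1 entries follow the ticket's excerpt (wrapped
# as posted); the examplegrp entry is a made-up Global group for contrast.
SAMPLE_LOG = """\
(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x4000):
AD group [kaugrp1@sssdad_tree.com] has type flags 0x80000004.
(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x0400):
Filtering AD group [kaugrp1@sssdad_tree.com]
(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x0080):
Failed to save group [kaugrp1@sssdad_tree.com]: [File exists]
(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x4000):
AD group [examplegrp@sssdad_tree.com] has type flags 0x80000002.
"""

def decode_group_type(flags):
    """Return (scope name, security_enabled) for a groupType value."""
    scope = next((n for bit, n in SCOPES.items() if flags & bit), "Unknown")
    return scope, bool(flags & SECURITY_ENABLED)

def audit_domain_log(text):
    """List every group whose type flags were logged, with filter/save status."""
    flat = " ".join(text.split())  # undo line wrapping inside messages
    filtered = set(FILTER_RE.findall(flat))
    failed = set(FAIL_RE.findall(flat))
    rows = []
    for name, raw in sorted(set(FLAGS_RE.findall(flat))):
        scope, sec = decode_group_type(int(raw, 16))
        rows.append({"group": name, "scope": scope, "security_enabled": sec,
                     "filtered": name in filtered, "store_failed": name in failed})
    return rows

def filtered_but_save_attempted(rows):
    """Groups logged as filtered that still reached a failing save attempt."""
    return [r["group"] for r in rows if r["filtered"] and r["store_failed"]]

if __name__ == "__main__":
    for row in audit_domain_log(SAMPLE_LOG):
        print(row)
```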
