Issue #2663: id lookup for non-root domain users doesn't return all groups on first attempt - sssd

SSSD / sssd

#2663 id lookup for non-root domain users doesn't return all groups on first attempt

Closed: Fixed None Opened 9 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1226834

Created attachment 1033226
domain log after the first id lookup

Description of problem:
id lookup for non-root domain users doesn't return all groups on first attempt

Version-Release number of selected component (if applicable):
sssd-1.12.4-43.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. sssd is configured with ad backend
[domain/sssdad.com]
debug_level = 0xFFF0
id_provider = ad
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u

2. Clear cache and restart sssd.

3. Perform a id lookup of non-root domain user
# id user1_dom2-968808@sssdad_tree.com
uid=295201867(user1_dom2-968808@sssdad_tree.com)
gid=295201867(user1_dom2-968808@sssdad_tree.com)
groups=295201867(user1_dom2-968808@sssdad_tree.com),295200513(domain
users@sssdad_tree.com)

4. Repeat step 2
# id user1_dom2-968808@sssdad_tree.com
uid=295201867(user1_dom2-968808@sssdad_tree.com)
gid=295201867(user1_dom2-968808@sssdad_tree.com)
groups=295201867(user1_dom2-968808@sssdad_tree.com),295200513(domain
users@sssdad_tree.com),295201868(group1_dom2-968808@sssdad_tree.com)


Actual results:
Initial id lookup doesn't return the group group1_dom2. But next lookup, the
group is returned.

Domain log shows:
[sssd[be[sssdad.com]]] [sysdb_set_entry_attr] (0x0080): ldb_modify failed: [No
such object](32)[ldb_wait: No such object (32)]
[sssd[be[sssdad.com]]] [set_initgroups_expire_attribute] (0x0020): Failed to
set initgroups expire attribute
[sssd[be[sssdad.com]]] [acctinfo_callback] (0x0100): Request processed.
Returned 3,2,Init group lookup failed


Expected results:


Additional info:

jhrozek commented 9 years ago

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
owner: somebody => sbose
patch: 0 => 1
review: True => 0
selected: =>
testsupdated: => 0

jhrozek commented 9 years ago

master: d0b7e5f
sssd-1-12: edc1538

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.12.5

7 years ago

pbrezina commented 4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3704

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

sbose

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

SSSD 1.12.5

type

defect

component

SSSD

version

None

selected

None

testsupdated

patch

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1226834

design_review

review

changelog

None

keywords

None

coverity

None

mark

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#2663 id lookup for non-root domain users doesn't return all groups on first attempt Closed: Fixed None Opened 9 years ago by jhrozek.

Metadata

#2663 id lookup for non-root domain users doesn't return all groups on first attempt

Closed: Fixed None Opened 9 years ago by jhrozek.