#2663 id lookup for non-root domain users doesn't return all groups on first attempt
Closed: Fixed None Opened 3 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1226834

Created attachment 1033226
domain log after the first id lookup

Description of problem:
id lookup for non-root domain users doesn't return all groups on first attempt

Version-Release number of selected component (if applicable):
sssd-1.12.4-43.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. sssd is configured with ad backend
[domain/sssdad.com]
debug_level = 0xFFF0
id_provider = ad
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u

2. Clear cache and restart sssd.

3. Perform a id lookup of non-root domain user
# id user1_dom2-968808@sssdad_tree.com
uid=295201867(user1_dom2-968808@sssdad_tree.com)
gid=295201867(user1_dom2-968808@sssdad_tree.com)
groups=295201867(user1_dom2-968808@sssdad_tree.com),295200513(domain
users@sssdad_tree.com)

4. Repeat step 2
# id user1_dom2-968808@sssdad_tree.com
uid=295201867(user1_dom2-968808@sssdad_tree.com)
gid=295201867(user1_dom2-968808@sssdad_tree.com)
groups=295201867(user1_dom2-968808@sssdad_tree.com),295200513(domain
users@sssdad_tree.com),295201868(group1_dom2-968808@sssdad_tree.com)


Actual results:
Initial id lookup doesn't return the group group1_dom2. But next lookup, the
group is returned.

Domain log shows:
[sssd[be[sssdad.com]]] [sysdb_set_entry_attr] (0x0080): ldb_modify failed: [No
such object](32)[ldb_wait: No such object (32)]
[sssd[be[sssdad.com]]] [set_initgroups_expire_attribute] (0x0020): Failed to
set initgroups expire attribute
[sssd[be[sssdad.com]]] [acctinfo_callback] (0x0100): Request processed.
Returned 3,2,Init group lookup failed


Expected results:


Additional info:

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
owner: somebody => sbose
patch: 0 => 1
review: True => 0
selected: =>
testsupdated: => 0

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.12.5

2 years ago

Login to comment on this ticket.

Metadata