#2934 After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user
Closed: Fixed None by adelton. Opened 2 years ago by adelton.

I have org.freedesktop.sssd.infopipe.Users.FindByCertificate working based on https://fedorahosted.org/sssd/wiki/DesignDocs/LookupUsersByCertificate.

When however I remove the certificate from the user with

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
changetype: modify
delete: usercertificate;binary

and verify it's gone with

ipa user-find --all --raw bob

another

dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByCertificate string:"$( openssl x509 < client.crt )"

still finds the user:

method return sender=:1.136 -> dest=:1.137 reply_serial=2
   object path "/org/freedesktop/sssd/infopipe/Users/example_2etest/569400006"

Even if I attempt to purge the SSSD cache with

sss_cache -E

the dbus-send call still finds the user.

Only running

rm -rf /var/lib/sss/db/*cache* ; systemctl restart sssd

seems to finally give me

Error org.freedesktop.sssd.Error.NotFound: User not found

Hi, can you also attach sssd.conf and full logs please? Thanks.

Fields changed

owner: somebody => pbrezina
status: new => assigned

This would affect downstream, should be fixed in 1.13

milestone: NEEDS_TRIAGE => SSSD 1.13.4

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Metadata Update from @adelton:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.13.4

2 years ago
