Issue #2934: After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - sssd

SSSD / sssd

#2934 After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user

Closed: Fixed None Opened 4 years ago by adelton.

I have org.freedesktop.sssd.infopipe.Users.FindByCertificate working based on https://fedorahosted.org/sssd/wiki/DesignDocs/LookupUsersByCertificate.

When however I remove the certificate from the user with

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
changetype: modify
delete: usercertificate;binary

and verify it's gone with

ipa user-find --all --raw bob

another

dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByCertificate string:"$( openssl x509 < client.crt )"

still finds the user:

method return sender=:1.136 -> dest=:1.137 reply_serial=2
   object path "/org/freedesktop/sssd/infopipe/Users/example_2etest/569400006"

Even if I attempt to purge the SSSD cache with

sss_cache -E

the {{{dbus-send}}} call still finds the user.

Only running

rm -rf /var/lib/sss/db/*cache* ; systemctl restart sssd

seems to finaly give me

Error org.freedesktop.sssd.Error.NotFound: User not found

adelton commented 4 years ago

attachment
sssd_example.test.log

adelton commented 4 years ago

attachment
sssd_ifp.log

pbrezina commented 4 years ago

Hi, can you also attach sssd.conf and full logs please? Thanks.

pbrezina commented 4 years ago

Fields changed

owner: somebody => pbrezina
status: new => assigned

jhrozek commented 4 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1308935

rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1308935 1308935]

jhrozek commented 4 years ago

This would affect downstream, should be fixed in 1.13

milestone: NEEDS_TRIAGE => SSSD 1.13.4

pbrezina commented 4 years ago

Fields changed

patch: 0 => 1

jhrozek commented 4 years ago

master: 659232f
sssd-1-13: 90bd659

resolution: => fixed
status: assigned => closed

Metadata Update from @adelton:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.13.4

3 years ago

pbrezina commented a month ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3975

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

pbrezina

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

SSSD 1.13.4

type

defect

component

SSSD

version

1.13.3

testsupdated

selected

None

patch

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1308935

design_review

review

changelog

None

keywords

None

coverity

None

mark

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#2934 After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user Closed: Fixed None Opened 4 years ago by adelton.

Metadata

#2934 After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user

Closed: Fixed None Opened 4 years ago by adelton.