#2934 After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user
Closed: Fixed None Opened 4 years ago by adelton.

I have org.freedesktop.sssd.infopipe.Users.FindByCertificate working based on https://fedorahosted.org/sssd/wiki/DesignDocs/LookupUsersByCertificate.

When however I remove the certificate from the user with

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
changetype: modify
delete: usercertificate;binary

and verify it's gone with

ipa user-find --all --raw bob


dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByCertificate string:"$( openssl x509 < client.crt )"

still finds the user:

method return sender=:1.136 -> dest=:1.137 reply_serial=2
   object path "/org/freedesktop/sssd/infopipe/Users/example_2etest/569400006"

Even if I attempt to purge the SSSD cache with

sss_cache -E

the dbus-send call still finds the user.

Only running

rm -rf /var/lib/sss/db/*cache* ; systemctl restart sssd

seems to finally give me

Error org.freedesktop.sssd.Error.NotFound: User not found

Hi, can you also attach sssd.conf and full logs please? Thanks.

Fields changed

owner: somebody => pbrezina
status: new => assigned

This would affect downstream, should be fixed in 1.13

milestone: NEEDS_TRIAGE => SSSD 1.13.4

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Metadata Update from @adelton:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.13.4

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3975

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

