Learn more about these different git repos.
Other Git URLs
To reproduce:
ipa user-add bottomusr ipa group-add bottomgr ipa group-add-member --users=bottomusr bottomgr ipa group-add topgr ipa group-add-member --groups=bottomgr topgr getent group topgr getent passwd bottomusr ipa group-remove-member --groups=bottomgr topgr sudo sss_cache -E getent group topgr
This is similar to bug #2939 except the extra getent passwd step here. With the getent passwd, we turn the ghost entry into a full member entry (which we then fail to remove, too)
Fields changed
description: To reproduce: {{{ ipa user-add bottomusr ipa group-add bottomgr ipa group-add-member --users=bottomusr bottomgr ipa group-add topgr ipa group-add-member --groups=bottomgr topgr
getent group topgr getent passwd bottomusr ipa group-remove-member --groups=bottomgr topgr sudo sss_cache -E getent passwd topgr
}}}
This is similar to bug #2939 except the extra getent passwd step here. With the getent passwd, we turn the ghost entry into a full member entry (which we then fail to remove, too) => To reproduce: {{{ ipa user-add bottomusr ipa group-add bottomgr ipa group-add-member --users=bottomusr bottomgr ipa group-add topgr ipa group-add-member --groups=bottomgr topgr
getent group topgr getent passwd bottomusr ipa group-remove-member --groups=bottomgr topgr sudo sss_cache -E getent group topgr
rhbz: => todo
I have a patch in my branch, picking up
milestone: NEEDS_TRIAGE => SSSD 1.14 alpha owner: somebody => jhrozek status: new => assigned
Bugfixes shouldn't block the Beta release.
milestone: SSSD 1.14 alpha => SSSD 1.14.0
So far nobody complained about this bug and we need to keep the 1.14.0 release smaller. But since there is a fix, only moving to the small 1.15 release.
milestone: SSSD 1.14.0 => SSSD 1.15 Beta
owner: jhrozek => pcech status: assigned => new
status: new => assigned
patch: 0 => 1
resolution: => fixed status: assigned => closed
I would like to ask if we need patch for 1.13.3 too.
I'm not sure, but I lean towards backporting it. The bug was there since forever, has an easy workaround (remove the cache) and removing group members is a relatively rare operation. On the other hand, the bug can cause extra memberships to be applied to the user.
(btw, quite few developers are reading all ticket updates, if you want to reach everyone, just writing to sssd-devel might be better..)
Replying to [comment:11 jhrozek]:
I'm not sure, but I lean towards backporting it. The bug was there since forever, has an easy workaround (remove the cache) and removing group members is a relatively rare operation.
While I do agree with you, I still know about customers who often use small groups with just one or two members to test basic functionality.
Replying to [comment:12 tscherf]:
Replying to [comment:11 jhrozek]: I'm not sure, but I lean towards backporting it. The bug was there since forever, has an easy workaround (remove the cache) and removing group members is a relatively rare operation. While I do agree with you, I still know about customers who often use small groups with just one or two members to test basic functionality. Then if Petr agrees and this is not so much work, then I'm fine with backporting these patches to stable branches. But please note that for RHEL, we would still need a bugzilla for RHEL-6, IIRC we have one only for RHEL-7.4 which would be solved by this ticket already because we are rebasing sssd in 7.4 to 1.15.
While I do agree with you, I still know about customers who often use small groups with just one or two members to test basic functionality. Then if Petr agrees and this is not so much work, then I'm fine with backporting these patches to stable branches. But please note that for RHEL, we would still need a bugzilla for RHEL-6, IIRC we have one only for RHEL-7.4 which would be solved by this ticket already because we are rebasing sssd in 7.4 to 1.15.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1361597 (Red Hat Enterprise Linux 7)
rhbz: todo => [https://bugzilla.redhat.com/show_bug.cgi?id=1361597 1361597]
Metadata Update from @jhrozek: - Issue assigned to pcech - Issue set to the milestone: SSSD 1.15.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3981
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Log in to comment on this ticket.