#3045 sssd should fallback to local users with ldap_rfc2307_fallback_to_local_users
Closed: Fixed 7 months ago by atikhonov. Opened 4 years ago by lslebodn.

sssd.conf

[sssd]
config_file_version = 2 
services = nss, pam 
domains = LDAP

[domain/LDAP] 
debug_level = 0xFFF0 
id_provider = ldap 
ldap_uri = ldap://$SERVER 
ldap_search_base = $DS_BASE_DN 
ldap_rfc2307_fallback_to_local_users = True



:: [   PASS   ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Option ldap_rfc2307_fallback_to_local_users is TRUE'
:: [   PASS   ] :: Command 'getent group ldap_group | grep local_user | grep ldap_user' (Expected 0, got 0)
:: [   FAIL   ] :: Command 'id local_user | grep ldap_group' (Expected 0, got 1)
:: [   PASS   ] :: Command 'id non_existant_user' (Expected 1, got 1)
:: [   PASS   ] :: Command 'getent group ldap_group | grep local_user | grep ldap_user' (Expected 0, got 0)
:: [   FAIL   ] :: Command 'ldbsearch -H /var/lib/sss/db/cache_LDAP.ldb name=ldap_group member | grep local_user' (Expected 0, got 1)
:: [   FAIL   ] :: Command 'ldbsearch -H /var/lib/sss/db/cache_LDAP.ldb name=local_user memberof | grep ldap_group' (Expected 0, got 1)
:: [   PASS   ] :: Command 'ldbsearch -H /var/lib/sss/db/cache_LDAP.ldb name=ldap_group dataExpireTimestamp | grep "dataExpireTimestamp: 1"' (Expected 0, got 0)
:: [   FAIL   ] :: Command 'ldbsearch -H /var/lib/sss/db/cache_LDAP.ldb name=local_user dataExpireTimestamp | grep "dataExpireTimestamp: 1"' (Expected 0, got 1)
:: [   FAIL   ] :: Command 'id local_user | grep ldap_group' (Expected 0, got 1)
:: [   PASS   ] :: Command 'getent group ldap_group | grep local_user | grep ldap_user' (Expected 0, got 0)

It works with sssd-1.13.3-22.el6.x86_64 (default el6)
but does not work with upstream sssd-1.13.4-3.el6.x86_64(copr @sssd/sssd-1-13).
Because the problematic commit is not in el6.

git bisect found out problematic commit 5ff7a76

https://bugzilla.redhat.com/show_bug.cgi?id=1293168

Since this is a regression, moving into the stable branch.

milestone: NEEDS_TRIAGE => SSSD 1.13.5

Fields changed

owner: somebody => mzidek

There is a missing test for this ticket.
Therefore increasing a priority.

priority: major => critical

Fields changed

rhbz: => 0

Metadata Update from @lslebodn:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.13.5

3 years ago

Metadata Update from @thalman:
- Custom field design_review adjusted to on (was: 0)
- Custom field mark adjusted to on (was: 0)
- Custom field patch adjusted to on (was: 0)
- Custom field review adjusted to on (was: 0)
- Custom field sensitive adjusted to on (was: 0)
- Custom field testsupdated adjusted to on (was: 0)
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

7 months ago

According to the comments, bug was fixed, but test missing.

Status "wontfix" doesn't make sense.

Metadata Update from @atikhonov:
- Issue status updated to: Open (was: Closed)

7 months ago

Metadata Update from @atikhonov:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

7 months ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4078

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata