#3134 sssd is not able to authenticate with alias
Closed: Fixed None Opened 2 years ago by lslebodn.

Create a user with a few aliases (multiple `uid` values):

dn: uid=User_CS2,ou=Users,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: extensibleObject
cn: User_CS2
uidNumber: 1111112
gidNumber: 1111112
homeDirectory: /home/User_CS2
loginShell: /bin/bash
uid: User_CS2
uid: User_CS2_Alias

Authenticate twice within the pam_id_timeout window (5 seconds by default).
Expected result:
Both attempts should pass
Actual result:
The 2nd attempt fails


It is possible that there is a simpler reproducer:

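# Reproducer: make SSSD's proxy provider authenticate through pam_ldap/nslcd.
# Run as root on a disposable test host; it overwrites system configuration.
#
# Required environment:
#   SERVER      - LDAP server host name
#   DS_BASE_DN  - LDAP search base
# The here-documents below expand both, so stop early instead of writing
# configuration files with empty values.
: "${SERVER:?SERVER must be set to the LDAP server host}"
: "${DS_BASE_DN:?DS_BASE_DN must be set to the LDAP search base}"

# PAM service that sssd's proxy_pam_target refers to.
cat <<EOF > /etc/pam.d/sssdproxyldap
auth        required      pam_ldap.so
account     required      pam_ldap.so
password    required      pam_ldap.so
session     required      pam_ldap.so
EOF

# NOTE(review): tls_cacertfile only names a CA file; no ssl/start_tls
# directive is set here and nslcd below uses ldap://, so as written the bind
# password presumably crosses the network unencrypted. Keep this on an
# isolated test network, or enable StartTLS/LDAPS before using real accounts.
# NOTE(review): "pam_password md5" looks like it only matters for password
# changes, which this auth-only reproducer does not perform - confirm.
cat <<EOF > /etc/pam_ldap.conf
base $DS_BASE_DN
pam_password md5
host $SERVER
tls_cacertfile /etc/openldap/certs/cacert.asc
EOF

# "ignorecase yes" makes nslcd treat user names case-insensitively.
cat <<EOF > /etc/nslcd.conf
uid nslcd
gid ldap
uri ldap://$SERVER
base $DS_BASE_DN
ignorecase yes
EOF

service nslcd restart

# The original wrote /etc/sssd/sssd.cong, a file sssd never reads; the
# configuration file is /etc/sssd/sssd.conf.
cat <<EOF > /etc/sssd/sssd.conf
[sssd]
services = nss, pam
domains = PROXY

[domain/PROXY]
id_provider = proxy
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
case_sensitive = preserving
EOF

# sssd refuses to start unless sssd.conf is root-owned and mode 0600; a file
# created by the redirection above gets the umask default instead.
chmod 600 /etc/sssd/sssd.conf

# Reload sssd so the PROXY domain defined above takes effect.
service sssd restart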

ldbsearch after 1st authentication

[root@host sssd]# ldbsearch -H /var/lib/sss/db/cache_PROXY.ldb -b cn=users,cn=PROXY,cn=sysdb nameAlias name
# record 1
dn: name=User_CS2@proxy,cn=users,cn=PROXY,cn=sysdb
name: User_CS2@proxy
nameAlias: user_cs2
nameAlias: user_cs2@proxy

ldbsearch after 2nd authentication

[root@host sssd]# ldbsearch -H /var/lib/sss/db/cache_PROXY.ldb -b cn=users,cn=PROXY,cn=sysdb nameAlias name
# record 1
dn: name=User_CS2@proxy,cn=users,cn=PROXY,cn=sysdb
name: User_CS2@proxy
nameAlias: user_cs2
nameAlias: user_cs2_alias@proxy

Fields changed

summary: sssd is not able to authentica with alias => sssd is not able to authenticate with alias

Fields changed

owner: somebody => fidencio

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14.2
priority: major => critical

Fields changed

patch: 0 => 1

master

resolution: => fixed
status: new => closed

Metadata Update from @lslebodn:
- Issue assigned to fidencio
- Issue set to the milestone: SSSD 1.14.2

2 years ago
