#3134 sssd is not able to authenticate with alias
Closed: Fixed None Opened 3 years ago by lslebodn.

Create a user with a few aliases

dn: uid=User_CS2,ou=Users,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: extensibleObject
cn: User_CS2
uidNumber: 1111112
gidNumber: 1111112
homeDirectory: /home/User_CS2
loginShell: /bin/bash
uid: User_CS2
uid: User_CS2_Alias

Authenticate twice within pam_id_timeout timeout (5 seconds by default)
Expected result:
Both attempts should pass
Actual result:
The 2nd attempt fails


It is possible that there is a simpler reproducer:

cat << EOF > /etc/pam.d/sssdproxyldap
auth        required      pam_ldap.so
account     required      pam_ldap.so
password    required      pam_ldap.so
session     required      pam_ldap.so
EOF

cat <<EOF > /etc/pam_ldap.conf
base $DS_BASE_DN
pam_password md5
host $SERVER
tls_cacertfile /etc/openldap/certs/cacert.asc
EOF

cat <<EOF > /etc/nslcd.conf
uid nslcd
gid ldap
uri ldap://$SERVER
base $DS_BASE_DN
ignorecase yes
EOF

service nslcd restart

cat <<EOF >/etc/sssd/sssd.conf
[sssd]
services = nss, pam
domains = PROXY

[domain/PROXY]
id_provider = proxy
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
case_sensitive = preserving
EOF

ldbsearch after 1st authentication

[root@host sssd]# ldbsearch -H /var/lib/sss/db/cache_PROXY.ldb -b cn=users,cn=PROXY,cn=sysdb nameAlias name
# record 1
dn: name=User_CS2@proxy,cn=users,cn=PROXY,cn=sysdb
name: User_CS2@proxy
nameAlias: user_cs2
nameAlias: user_cs2@proxy

ldbsearch after 2nd authentication

[root@host sssd]# ldbsearch -H /var/lib/sss/db/cache_PROXY.ldb -b cn=users,cn=PROXY,cn=sysdb nameAlias name
# record 1
dn: name=User_CS2@proxy,cn=users,cn=PROXY,cn=sysdb
name: User_CS2@proxy
nameAlias: user_cs2
nameAlias: user_cs2_alias@proxy
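
The two ldbsearch outputs above differ only in their nameAlias values. The following is an added example, not part of the original ticket or of SSSD: a small POSIX shell check that reports which aliases a cache entry lost between two snapshots. The function names `alias_pairs` and `lost_aliases` are hypothetical, the sample input is the ticket's two outputs embedded inline, and it assumes unfolded (unwrapped) LDIF lines.

```shell
#!/bin/sh
# Added example: compare nameAlias values between two ldbsearch snapshots.
# The snapshots below are copied from the two outputs shown in the ticket.

AFTER_FIRST='# record 1
dn: name=User_CS2@proxy,cn=users,cn=PROXY,cn=sysdb
name: User_CS2@proxy
nameAlias: user_cs2
nameAlias: user_cs2@proxy'

AFTER_SECOND='# record 1
dn: name=User_CS2@proxy,cn=users,cn=PROXY,cn=sysdb
name: User_CS2@proxy
nameAlias: user_cs2
nameAlias: user_cs2_alias@proxy'

# Print sorted "dn<TAB>alias" pairs found in the ldbsearch output given as $1.
alias_pairs() {
    printf '%s\n' "$1" | awk '
        /^dn: /        { dn = substr($0, 5) }
        /^nameAlias: / { print dn "\t" substr($0, 12) }
    ' | sort
}

# Print the pairs present in snapshot $1 that are missing from snapshot $2.
lost_aliases() {
    before=$(alias_pairs "$1")
    after=$(alias_pairs "$2")
    printf '%s\n' "$before" | while IFS= read -r pair; do
        [ -n "$pair" ] || continue
        # Exact, fixed-string, whole-line match so "@" and "." are literal.
        printf '%s\n' "$after" | grep -Fxq -- "$pair" || printf '%s\n' "$pair"
    done
}

echo "aliases dropped between the 1st and 2nd authentication:"
lost_aliases "$AFTER_FIRST" "$AFTER_SECOND"
```

On a live system the two arguments would be the captured output of the `ldbsearch` command shown above, taken before and after the second login attempt.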

Fields changed

summary: sssd is not able to authentica with alias => sssd is not able to authenticate with alias

Fields changed

owner: somebody => fidencio

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14.2
priority: major => critical

Fields changed

patch: 0 => 1

master

resolution: => fixed
status: new => closed

Metadata Update from @lslebodn:
- Issue assigned to fidencio
- Issue set to the milestone: SSSD 1.14.2

3 years ago

SSSD is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in SSSD's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/SSSD/sssd/issues/4167

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.
