Learn more about these different git repos.
Other Git URLs
The ideal is test with user who is a member of "Domain users" group
sh# id smbuser01-123456@SSSDAD2012 uid=1663280146(smbuser01-123456@sssdad2012.com) gid=1663200513(domain users@sssdad2012.com) groups=1663200513(domain users@sssdad2012.com),1663280147(smbgroup01-123456@sssdad2012.com),1663280145(smballgroup-123456@sssdad2012.com) sh# getent group 'domain users@sssdad2012.com' domain users@sssdad2012.com:*:1663200513:smbuser01-123456@sssdad2012.com sh# python Python 2.7.5 (default, Jan 18 2017, 10:25:43) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import pysss_nss_idmap >>> pysss_nss_idmap.getsidbyid(1663200513) {} >>>
As you can see in description of ticket data were already cached and should be returned from cache. Here is important part of nss log file with the wrong filter
(Sat Jan 21 12:34:25 2017) [sssd[nss]] [cache_req_set_plugin] (0x2000): CR #70: Setting "Object by ID" plugin (Sat Jan 21 12:34:25 2017) [sssd[nss]] [cache_req_send] (0x0400): CR #70: New request 'Object by ID' (Sat Jan 21 12:34:25 2017) [sssd[nss]] [cache_req_select_domains] (0x0400): CR #70: Performing a multi-domain search (Sat Jan 21 12:34:25 2017) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #70: Using domain [sssdad2012.com] (Sat Jan 21 12:34:25 2017) [sssd[nss]] [cache_req_search_send] (0x0400): CR #70: Looking up ID:1663200513@sssdad2012.com (Sat Jan 21 12:34:25 2017) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #70: Checking negative cache for [ID:1663200513@sssdad2012.com] (Sat Jan 21 12:34:25 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/UID/sssdad2012.com/1663200513] (Sat Jan 21 12:34:25 2017) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #70: [ID:1663200513@sssdad2012.com] is not present in negative cache (Sat Jan 21 12:34:25 2017) [sssd[nss]] [cache_req_search_cache] (0x0400): CR #70: Looking up [ID:1663200513@sssdad2012.com] in cache (Sat Jan 21 12:34:25 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fd39dc7d790 (Sat Jan 21 12:34:25 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fd39dc8af40 (Sat Jan 21 12:34:25 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fd39dc7d790 "ltdb_callback" (Sat Jan 21 12:34:25 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fd39dc8af40 "ltdb_timeout" (Sat Jan 21 12:34:25 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fd39dc7d790 "ltdb_callback" (Sat Jan 21 12:34:25 2017) [sssd[nss]] [sysdb_search_object_attr] (0x0020): Search with filter [(&(|(objectclass=user)(objectclass=group))(|(uidNumber=1663200513)(gidNumber=1663200513)))] returned more than one object. (Sat Jan 21 12:34:25 2017) [sssd[nss]] [sysdb_search_object_attr] (0x0040): Error: 22 (Invalid argument) (Sat Jan 21 12:34:25 2017) [sssd[nss]] [cache_req_search_cache] (0x0020): CR #70: Unable to lookup [ID:1663200513@sssdad2012.com] in cache [22]: Invalid argument (Sat Jan 21 12:34:25 2017) [sssd[nss]] [cache_req_done] (0x0400): CR #70: Finished: Error 22: Invalid argument (Sat Jan 21 12:34:25 2017) [sssd[nss]] [nss_protocol_done] (0x4000): Sending reply: error [22]: Invalid argument (Sat Jan 21 12:34:25 2017) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
With current filter, we will get group and all members of the group.
ldbsearch -H /var/lib/sss/db/cache_sssdad2012.com.ldb '(&(|(objectclass=user)(objectclass=group))(|(uidNumber=1663200513)(gidNumber=1663200513)))' dn asq: Unable to register control with rootdse! # record 1 dn: name=smbuser01-123456@sssdad2012.com,cn=users,cn=sssdad2012.com,cn=sysdb # record 2 dn: name=smbuser02-123456@sssdad2012.com,cn=users,cn=sssdad2012.com,cn=sysdb # record 3 dn: name=smbuser03-123456@sssdad2012.com,cn=users,cn=sssdad2012.com,cn=sysdb # record 4 dn: name=Domain Users@sssdad2012.com,cn=groups,cn=sssdad2012.com,cn=sysdb
Following filter is much better. But I do not remember whether we can get just one or two results because getsidbyid can return ID_USER, ID_GROUP or ID_BOTH
[root@fclient-12345 sssd]# ldbsearch -H /var/lib/sss/db/cache_sssdad2012.com.ldb '(|(&(objectclass=user)(uidNumber=1663200513))(&(objectclass=group)(gidNumber=1663200513)))' dn asq: Unable to register control with rootdse! # record 1 dn: name=Domain Users@sssdad2012.com,cn=groups,cn=sssdad2012.com,cn=sysdb
https://github.com/SSSD/sssd/pull/129
owner: somebody => lslebodn patch: 0 => 1 status: new => assigned
milestone: NEEDS_TRIAGE => SSSD 1.15 Alpha resolution: => fixed status: assigned => closed
Fields changed
rhbz: => 0
Metadata Update from @lslebodn: - Issue assigned to lslebodn - Issue set to the milestone: SSSD 1.15.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4316
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.