#3373 Infopipe method ListByCertificate does not return the users with overrides

Created 3 months ago by frenaud
Modified 3 months ago

FreeIPA configured with an AD trust, user bob is an active directory user.
Define an override for user bob which overrides the certificate:

$ echo $PASSWD | kinit admin
$ ipa idoverrideuser-add 'Default Trust View' bob@DOM-AD.COM --certificate=MII...

The call to Dbus ListByCertificate should return user bob but doesn't:

$ sudo dbus-send --system --print-reply  --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.ListByCertificate string:"$(cat cert.pem)" uint32:10
method return sender=:1.9 -> dest=:1.95 reply_serial=2
   array [
   ]

As a consequence, ipa certmap-match does not return the users with overrides.

Thanks for the bug report. Which exact version are you running? (The output of rpm -q sssd-common is probably best)

Hi, the version is sssd-common-1.15.2-15.el7.x86_64

Thank you, I can reproduce the issue now. It's something we need to fix very soon, so I'm adding it to the next milestone as critical.

3 months ago

Metadata Update from @jhrozek:
- Issue priority set to: critical
- Issue set to the milestone: SSSD 1.15.3

3 months ago

Metadata Update from @sbose:
- Issue assigned to sbose

3 months ago

Metadata Update from @sbose:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1446139

3 months ago

Metadata Update from @sbose:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1446139

Issue linked to Bugzilla: Bug 1446139

3 months ago

Metadata Update from @sbose:
- Custom field patch adjusted to on
- Custom field rhbz reset (from https://bugzilla.redhat.com/show_bug.cgi?id=1446139)

  • master: 2e5fc89ef25434fab7febe2c52e97ef989b50d5b
3 months ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

Login to comment on this ticket.

on

cancel