Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1446101
Description of problem:
Configure IPA with an AD trust, then add the same certificate for 2 different idoverrideuser. The infopipe method ListByCertificate does not return the users. If the certificate is added to a single idoverrideuser, ListByCertificate succeeds and returns the users.

Version-Release number of selected component (if applicable):
ipa-server.x86_64 4.5.0-8.el7
sssd.x86_64 1.15.2-17.el7sb

How reproducible:
Always

Steps to Reproduce:
1. Configure ipa server with ipa-server-install
2. Prepare the server with ipa-adtrust-install
3. Add the AD trust
    ipa trust-add --type=ad domain-ad.com --admin Administrator --password --two-way=true
4. Add the certificate to first user:
    ipa idoverrideuser-add 'Default Trust View' alice@dom-ad.com --certificate MII..
5. Add the certificate to the second user:
    ipa idoverrideuser-add 'Default Trust View' bob@dom-ad.com --certificate MII..
6. Query the users matching the cert
    dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.ListByCertificate string:"$(cat cert.pem)" uint32:10
    method return sender=:1.528 -> dest=:1.529 reply_serial=2
       array [
       ]

Actual results:
No user is found

Expected results:
The users alice and bob should be returned

Additional info:
/var/log/sssd/sssd_dom...log shows:
    [sssd[be[dom-idm.com]]] [ipa_get_ad_override_done] (0x0020): Found [2] overrides with filter [(&(objectClass=ipaUserOverride)(userCertificate;binary=...))], expected only 1.

If one of the idoverrideuser is removed, then the method successfully returns the other user:
    ipa idoverrideuser-del 'Default Trust View' alice@dom-ad.com --certificate MII...
    dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.ListByCertificate string:"$(cat cert.pem)" uint32:10
    method return sender=:1.535 -> dest=:1.536 reply_serial=2
       array [
          object path "/org/freedesktop/sssd/infopipe/Users/dom_...com/1171201223"
       ]
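
The condition behind the "Found [2] overrides ... expected only 1" log line can be audited ahead of time. The following is an added example, not part of the ticket or of SSSD/IPA code: it reads an LDIF export of the `ipaUserOverride` entries and reports every `userCertificate;binary` value attached to more than one override. The DNs and certificate bytes in the sample are constructed placeholders, and obtaining the LDIF export is assumed to have been done separately.

```python
import base64
import hashlib
from collections import defaultdict

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(ldif_text):
    """Yield (dn, [DER bytes]) for each LDIF entry; only base64 cert values are read."""
    dn, certs = None, []
    for line in unfold(ldif_text) + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, certs
            dn, certs = None, []
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        b64 = value.startswith(":")  # "attr:: value" marks a base64-encoded value
        value = value[1:].strip() if b64 else value.strip()
        if attr.lower() == "dn":
            dn = base64.b64decode(value).decode() if b64 else value
        elif attr.lower() == "usercertificate;binary" and b64:
            certs.append(base64.b64decode(value))

def shared_certificates(ldif_text):
    """Map SHA-256 fingerprint -> sorted DNs, for certs held by more than one entry."""
    owners = defaultdict(set)
    for dn, certs in parse_entries(ldif_text):
        for der in certs:
            owners[hashlib.sha256(der).hexdigest()].add(dn)
    return {fp: sorted(dns) for fp, dns in owners.items() if len(dns) > 1}

# Constructed sample: placeholder bytes stand in for DER certificates, DNs are made up.
VIEW = "cn=Default Trust View,cn=views,cn=accounts,dc=dom-idm,dc=com"
CERT_A = base64.b64encode(b"constructed-cert-A" * 4).decode()
CERT_B = base64.b64encode(b"constructed-cert-B" * 4).decode()
SAMPLE_LDIF = "\n\n".join(
    f"dn: ipaanchoruuid=:SID:S-1-5-21-1-2-3-{rid},{VIEW}\n"
    f"userCertificate;binary:: {cert[:40]}\n {cert[40:]}"  # folded value line
    for rid, cert in ((1001, CERT_A), (1002, CERT_A), (1003, CERT_B)))
```

Calling `shared_certificates(SAMPLE_LDIF)` returns one fingerprint mapped to the two overrides that share the first placeholder certificate; the third entry, with a unique certificate, is not reported.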
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1446101
Metadata Update from @pbrezina: - Issue set to the milestone: None - Issue tagged with: bugzilla
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4456
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @pbrezina: - Issue close_status updated to: cloned-to-github - Issue status updated to: Closed (was: Open)