Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1464049
Created attachment 1290646 SSSD NSS log file Description of problem: When client_idle_timeout is set in SSSD.CONF, sssd should check for and terminate idle connections. See BZ827036. However, i see a minimum of four file descriptors active even when a user is inactive for a long time. This behaviour has caused failures in our automated regression run. Version-Release number of selected component (if applicable): sssd-1.15.2-49.el7.x86_64 Steps to Reproduce: 1. Setup sssd.conf as follows: [sssd] config_file_version = 2 domains = LDAP services = nss, pam [nss] debug_level = 0xFFF0 client_idle_timeout = 30 [pam] debug_level = 0xFFF0 client_idle_timeout = 30 [domain/LDAP] id_provider = ldap auth_provider = ldap debug_level = 0xFFF0 cache_credentials = FALSE ldap_uri = ldaps://hubcap.lab.eng.pnq.redhat.com ldap_tls_cacert = /etc/openldap/certs/cacert.asc ldap_search_base = dc=example,dc=com 2. login as ldap user and do nothing for 1 minute. 3. Open a new terminal and monitor the number of NSS and PAM file descriptors. # lsof -p $(pidof sssd_nss) | grep /var/lib/sss/pipes/nss sssd_nss 4663 root 17u unix 0xffff88b53b7ff800 0t0 40687 /var/lib/sss/pipes/nss sssd_nss 4663 root 21u unix 0xffff88b539489000 0t0 41481 /var/lib/sss/pipes/nss sssd_nss 4663 root 22u unix 0xffff88b53868a000 0t0 41913 /var/lib/sss/pipes/nss sssd_nss 4663 root 23u unix 0xffff88b539977000 0t0 41683 /var/lib/sss/pipes/nss sssd_nss 4663 root 24u unix 0xffff88b538688c00 0t0 41794 /var/lib/sss/pipes/nss # lsof -p $(pidof sssd_pam) | grep /var/lib/sss/pipes/pam sssd_pam 4664 root 0u unix 0xffff88b538a03000 0t0 41454 /var/lib/sss/pipes/pam sssd_pam 4664 root 20u unix 0xffff88b51f013400 0t0 42210 /var/lib/sss/pipes/pam Actual results: After 30 seconds, sssd should terminate idle FD's however that's not happening. Expected results: SSSD should kill idle connections once client_idle_timeout is over. Additional info:
Metadata Update from @lslebodn: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1464049
Metadata Update from @lslebodn: - Issue set to the milestone: None - Issue tagged with: regression
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.15.3
Metadata Update from @jhrozek: - Issue assigned to jhrozek
WIP patch: https://github.com/jhrozek/sssd/commit/69778bd3abc549e082510facc00e4695b51947a4
But I would also like to confirm with downstream that this helps and write a test..
Metadata Update from @jhrozek: - Issue priority set to: blocker
https://github.com/SSSD/sssd/pull/327
Metadata Update from @jhrozek: - Issue tagged with: PR
Metadata Update from @lslebodn: - Custom field type adjusted to 1.15.0
Broken since 560daa1 https://fedorahosted.org/sssd/ticket/3245
master:
Metadata Update from @lslebodn: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4475
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.