Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1464049
Created attachment 1290646 SSSD NSS log file Description of problem: When client_idle_timeout is set in SSSD.CONF, sssd should check for and terminate idle connections. See BZ827036. However, i see a minimum of four file descriptors active even when a user is inactive for a long time. This behaviour has caused failures in our automated regression run. Version-Release number of selected component (if applicable): sssd-1.15.2-49.el7.x86_64 Steps to Reproduce: 1. Setup sssd.conf as follows: [sssd] config_file_version = 2 domains = LDAP services = nss, pam [nss] debug_level = 0xFFF0 client_idle_timeout = 30 [pam] debug_level = 0xFFF0 client_idle_timeout = 30 [domain/LDAP] id_provider = ldap auth_provider = ldap debug_level = 0xFFF0 cache_credentials = FALSE ldap_uri = ldaps://hubcap.lab.eng.pnq.redhat.com ldap_tls_cacert = /etc/openldap/certs/cacert.asc ldap_search_base = dc=example,dc=com 2. login as ldap user and do nothing for 1 minute. 3. Open a new terminal and monitor the number of NSS and PAM file descriptors. # lsof -p $(pidof sssd_nss) | grep /var/lib/sss/pipes/nss sssd_nss 4663 root 17u unix 0xffff88b53b7ff800 0t0 40687 /var/lib/sss/pipes/nss sssd_nss 4663 root 21u unix 0xffff88b539489000 0t0 41481 /var/lib/sss/pipes/nss sssd_nss 4663 root 22u unix 0xffff88b53868a000 0t0 41913 /var/lib/sss/pipes/nss sssd_nss 4663 root 23u unix 0xffff88b539977000 0t0 41683 /var/lib/sss/pipes/nss sssd_nss 4663 root 24u unix 0xffff88b538688c00 0t0 41794 /var/lib/sss/pipes/nss # lsof -p $(pidof sssd_pam) | grep /var/lib/sss/pipes/pam sssd_pam 4664 root 0u unix 0xffff88b538a03000 0t0 41454 /var/lib/sss/pipes/pam sssd_pam 4664 root 20u unix 0xffff88b51f013400 0t0 42210 /var/lib/sss/pipes/pam Actual results: After 30 seconds, sssd should terminate idle FD's however that's not happening. Expected results: SSSD should kill idle connections once client_idle_timeout is over. Additional info:
Metadata Update from @lslebodn: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1464049
Metadata Update from @lslebodn: - Issue set to the milestone: None - Issue tagged with: regression
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.15.3
Metadata Update from @jhrozek: - Issue assigned to jhrozek
WIP patch: https://github.com/jhrozek/sssd/commit/69778bd3abc549e082510facc00e4695b51947a4
But I would also like to confirm with downstream that this helps and write a test..
Metadata Update from @jhrozek: - Issue priority set to: blocker
https://github.com/SSSD/sssd/pull/327
Metadata Update from @jhrozek: - Issue tagged with: PR
Metadata Update from @lslebodn: - Custom field type adjusted to 1.15.0
Broken since 560daa1 https://fedorahosted.org/sssd/ticket/3245
master:
Metadata Update from @lslebodn: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.