SSSD / sssd

Clone

#3493 Remove the pysss.local interface
Closed: Fixed 5 years ago Opened 6 years ago by jhrozek.

Closed: Fixed
Reopen Issue

We are de-emphasizing the local domain in favor of the files domain. There is no point in offering a python interface for the local domain. We should just remove it.

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.0
6 years ago

Metadata Update from @jhrozek:
- Issue tagged with: breaks compatibility
6 years ago

Metadata Update from @jhrozek:
- Issue priority set to: minor
6 years ago

Metadata Update from @fidencio:
- Issue assigned to fidencio
5 years ago

Metadata Update from @fidencio:
- Issue tagged with: PR
5 years ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
5 years ago

Unfortunately, FreeIPA does use this interface and now we are broken:

[root@cloud-qe-19 ~]# ipa hbactest --host=cloud-qe-19.octy120.test --service=sshd --user='IPAAD2016\aduser1'
ipa: ERROR: an internal error has occurred
[root@cloud-qe-19 ~]# tail -30 /var/log/httpd/error_log
[Wed Oct 24 03:03:47.477681 2018] [wsgi:error] [pid 8771:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: Destroyed connection context.ldap2_140573265369968
[Wed Oct 24 03:03:47.493424 2018] [:warn] [pid 8775:tid 140573163890432] [client 10.19.34.59:34812] failed to set perms (3140) on file (/var/run/ipa/ccaches/admin@OCTY120.TEST)!, referer: https://cloud-qe-19.octy120.test/ipa/xml
[Wed Oct 24 03:03:47.493951 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: WSGI wsgi_dispatch.__call__:
[Wed Oct 24 03:03:47.494025 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: WSGI jsonserver_session.__call__:
[Wed Oct 24 03:03:47.526543 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: Created connection context.ldap2_140573265365760
[Wed Oct 24 03:03:47.526616 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: WSGI jsonserver.__call__:
[Wed Oct 24 03:03:47.526666 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: WSGI WSGIExecutioner.__call__:
[Wed Oct 24 03:03:47.526915 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: raw: hbactest(user='IPAAD2016\\\\aduser1', targethost='cloud-qe-19.octy120.test', service='sshd', version='2.230')
[Wed Oct 24 03:03:47.527093 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: hbactest(user='IPAAD2016\\\\aduser1', targethost='cloud-qe-19.octy120.test', service='sshd', nodetail=False, enabled=False, disabled=False, version='2.230')
[Wed Oct 24 03:03:47.527386 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: raw: hbacrule_find(None, sizelimit=None, version='2.230', no_members=False)
[Wed Oct 24 03:03:47.527566 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: hbacrule_find(None, sizelimit=None, all=False, raw=False, version='2.230', no_members=False, pkey_only=False)
[Wed Oct 24 03:03:47.529372 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-OCTY120-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7fd9c2fb3e80>
[Wed Oct 24 03:03:47.717473 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: ERROR: non-public: AttributeError: module 'pysss' has no attribute 'getgrouplist'
[Wed Oct 24 03:03:47.717492 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] Traceback (most recent call last):
[Wed Oct 24 03:03:47.717495 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]   File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 370, in wsgi_execute
[Wed Oct 24 03:03:47.717499 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]     result = command(*args, **options)
[Wed Oct 24 03:03:47.717501 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
[Wed Oct 24 03:03:47.717504 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]     return self.__do_call(*args, **options)
[Wed Oct 24 03:03:47.717510 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
[Wed Oct 24 03:03:47.717514 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]     ret = self.run(*args, **options)
[Wed Oct 24 03:03:47.717516 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
[Wed Oct 24 03:03:47.717519 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]     return self.execute(*args, **options)
[Wed Oct 24 03:03:47.717522 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/hbactest.py", line 410, in execute
[Wed Oct 24 03:03:47.717525 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]     user_sid, group_sids = domain_validator.get_trusted_domain_user_and_groups(options['user'])
[Wed Oct 24 03:03:47.717527 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]   File "/usr/lib/python3.6/site-packages/ipaserver/dcerpc.py", line 614, in get_trusted_domain_user_and_groups
[Wed Oct 24 03:03:47.717530 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812]     group_list = pysss.getgrouplist(object_name)
[Wed Oct 24 03:03:47.717534 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] AttributeError: module 'pysss' has no attribute 'getgrouplist'
[Wed Oct 24 03:03:47.717541 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] 
[Wed Oct 24 03:03:47.717668 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: INFO: [jsonserver_session] admin@OCTY120.TEST: hbactest/1(user='IPAAD2016\\\\aduser1', targethost='cloud-qe-19.octy120.test', service='sshd', version='2.230'): InternalError
[Wed Oct 24 03:03:47.718159 2018] [wsgi:error] [pid 8774:tid 140573238957824] [remote 10.19.34.59:34812] ipa: DEBUG: Destroyed connection context.ldap2_140573265365760

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1642372
5 years ago

Issue linked to Bugzilla: Bug 1642372
  • master: 0603645f5ea5f707875807b4f815400f4b79e41

This re-adds the getgroupslist() api

Metadata Update from @jhrozek:
- Issue set to the milestone: None (was: SSSD 2.0)
5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4519

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata

breaks compatibility PR

None
None
minor
None
None
None
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1642372
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.