SSSD / sssd

Clone

#3550 refresh_expired_interval does not work with netgrous in 1.15
Closed: Fixed 6 years ago Opened 6 years ago by lslebodn.

Closed: Fixed
Reopen Issue

sssd.conf:

    [sssd]
    config_file_version = 2
    services = nss, pam
    domains = LDAP

    [nss]
    filter_groups = root
    filter_users = root
    entry_cache_nowait_percentage = 50
    memcache_timeout = 1

    [domain/LDAP]
    id_provider = ldap
    ldap_uri = ldap://$SERVER
    ldap_netgroup_search_base = ou=Netgroups,$BASE_DN
    cache_credentials = TRUE
    entry_cache_timeout = 120
    refresh_expired_interval = 25
    debug_level = 9

Initial data in LDAP:

    dn: cn=netgrp_art,ou=Netgroups,$BASE_DN
    objectClass: nisNetgroup
    objectClass: top
    cn: netgrp_art
    nisNetgroupTriple: (host1,kau10,example.com)

Steps to reproduce:

  • clean sssd cache and restart sssd rm -f /var/lib/sss/db/*; service sssd restart
  • getent netgroup netgrp_art
  • modify netgroup tripplet in LDAP
        dn: cn=netgrp_art,ou=Netgroups,$BASE_DN
        changetype: modify
        replace: nisNetgroupTriple
        nisNetgroupTriple: (host2,ami10,example.com)
  • sleep a second more that value of refresh_expired_interval
  • sleep 26
  • check that returned entry has new value getent netgroup netgrp_art | grep host2

Metadata Update from @lslebodn:
- Issue tagged with: regression
6 years ago

My experience is that entry in sssd cache was refreshed after 104 seconds but responder returned new value after 120 seconds.

Metadata Update from @jhrozek:
- Issue priority set to: blocker
- Issue set to the milestone: SSSD 1.16.1
6 years ago

This seems like old bug in 1.15 already and it is blocking 1.16.1 now.
Move to 1.16.2 so 1.16.1 can move forward?

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
6 years ago

I tend to agree, because what was broken was not the background refresh itself, but netgroup-only code. So if the PR won't be reviewed quite soon, I would also prefer to remove the ticket from 1.16.1 and release the tarball.

PR: https://github.com/SSSD/sssd/pull/528

Metadata Update from @jhrozek:
- Issue tagged with: PR
6 years ago

Nice :) The PR seems simple enough to make it into 1.16.1

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.2 (was: SSSD 1.16.1)
6 years ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
6 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4576

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata

PR regression

None
None
blocker
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.