Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1525644
Description of problem: I'm trying to use dbus-send to verify that I can lookup users by certificates. When using some certs, the search fails. Error org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying Version-Release number of selected component (if applicable): sssd-1.16.0-12 How reproducible: unknown. happening with cert I export from a CAC card. Steps to Reproduce: 1. Setup IPA server and client to use Smart Card Authentication 2. Setup certmaprules for mapping the cert: 3. Add certmapdata to user 4. run dbus-send search: # dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.ListByCertificate string:"$(cat /tmp/cac_card_01_piv_auth.crt)" uint32:10 Actual results: Error org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying Expected results: Finds the user Additional info: [root@seceng-idm-1 sssd]# ipa certmaprule-show maprule_9 Rule name: maprule_9 Mapping rule: (|(userCertificate;binary={cert!bin})(ipacertmapdata=X509:<I>{i ssuer_dn!nss_x500}<S>{subject_dn!nss_x500})(altSecurityIdentities=X509:<I>{issu er_dn!ad_x500}<S>{subject_dn!ad_x500})) Matching rule: <ISSUER>CN=DOD OM CA-32,OU=PKI,OU=DoD,O=U.S. Government,C=US Domain name: testrelm.test, ipaadcs12r2.test Enabled: TRUE [root@seceng-idm-1 sssd]# ipa user-show ipauser1 User login: ipauser1 First name: ipauser1 Last name: lastname Home directory: /home/ipauser1 Login shell: /bin/bash Principal name: ipauser1@TESTRELM.TEST Principal alias: ipauser1@TESTRELM.TEST Email address: ipauser1@testrelm.test UID: 908200127 GID: 908200127 Certificate mapping data: X509:<I>C=US,O=U.S. Government,OU=DoD,OU=PKI,CN=DOD OM CA-32<S>C=US,O=U.S. Government,OU=DoD,OU=PKI,OU=NOAA,CN=name.id.of.user Account disabled: False Password: True Member of groups: ipausers Kerberos keys available: True [root@seceng-idm-1 sssd]# openssl x509 -in /tmp/cac_card_01_piv_auth.crt -noout -subject -issuer subject= /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=NOAA/CN=name.id.of.user issuer= /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD OM CA-32
Metadata Update from @sbose: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1525644
Metadata Update from @lslebodn: - Issue assigned to sbose
@sbose Do we need additional patch for this issue?
Metadata Update from @lslebodn: - Issue set to the milestone: SSSD 1.16.1
@lslebodn, no, imo this ticket can be closed.
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4631
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.