Issue #3660: confdb_expand_app_domains() always fails - sssd

SSSD / sssd

#3660 confdb_expand_app_domains() always fails

Closed: Fixed 5 years ago Opened 5 years ago by fidencio.

confdb_expand_app_domains() always fails due to a failure in ldb_wait() (called from confdb_merge_parent_domain()).

This issue has never been noticed before because the confdb is actually expanded (see record #5 below) and in the monitor code (the only place where this function is called) ignores any error coming from this function.

[root@client ~]# systemctl stop sssd
[root@client ~]# rm -rf /var/lib/sss/db/*
[root@client ~]# rm -rf /var/log/sssd/*
[root@client ~]# systemctl start sssd
[root@client ~]# grep --color "Failed to expand application domains" /var/log/sssd/*
/var/log/sssd/sssd.log:(Wed Mar  7 10:42:18:520156 2018) [sssd] [get_monitor_config] (0x0010): Failed to expand application domains
[root@client ~]# ldbsearch -H /var/lib/sss/db/config.ldb 
server_sort:Unable to register control with rootdse!
# record 1
dn: cn=sssd,cn=config
cn: sssd
debug_level: 9
domains: ipa.example, domtest, apptest
services: nss, pam, ssh, sudo
distinguishedName: cn=sssd,cn=config

# record 2
dn: cn=config
version: 2
lastUpdate: 1520419302
distinguishedName: cn=config

# record 3
dn: cn=ipa.example,cn=domain,cn=config
access_provider: ipa
auth_provider: ipa
cache_credentials: True
chpass_provider: ipa
cn: ipa.example
id_provider: ipa
ipa_domain: ipa.example
ipa_hostname: client.ipa.example
ipa_server: _srv_, master.ipa.example
krb5_store_password_if_offline: True
ldap_tls_cacert: /etc/ipa/ca.crt
distinguishedName: cn=ipa.example,cn=domain,cn=config

# record 4
dn: cn=nss,cn=config
cn: nss
homedir_substring: /home
distinguishedName: cn=nss,cn=config

# record 5
dn: cn=apptest,cn=domain,cn=config
cn: apptest
domain_type: application
id_provider: ldap
ldap_search_base: dc=example,dc=com
ldap_uri: ldap://ldap.example.com
inherit_from: domtest
distinguishedName: cn=apptest,cn=domain,cn=config

# record 6
dn: cn=domtest,cn=domain,cn=config
cn: domtest
id_provider: ldap
ldap_search_base: dc=example,dc=com
ldap_uri: ldap://ldap.example.com
distinguishedName: cn=domtest,cn=domain,cn=config

# record 7
dn: cn=sudo,cn=config
cn: sudo
distinguishedName: cn=sudo,cn=config

# record 8
dn: cn=ssh,cn=config
cn: ssh
distinguishedName: cn=ssh,cn=config

# record 9
dn: cn=autofs,cn=config
cn: autofs
distinguishedName: cn=autofs,cn=config

# record 10
dn: cn=ifp,cn=config
cn: ifp
distinguishedName: cn=ifp,cn=config

# record 11
dn: cn=secrets,cn=config
cn: secrets
distinguishedName: cn=secrets,cn=config

# record 12
dn: cn=pac,cn=config
cn: pac
distinguishedName: cn=pac,cn=config

# record 13
dn: cn=pam,cn=config
cn: pam
distinguishedName: cn=pam,cn=config

# record 14
dn: cn=apptest,cn=application,cn=config
cn: apptest
inherit_from: domtest
distinguishedName: cn=apptest,cn=application,cn=config

# record 15
dn: cn=session_recording,cn=config
cn: session_recording
distinguishedName: cn=session_recording,cn=config

# returned 15 records
# 15 entries
# 0 referrals

Metadata Update from @fidencio:
- Issue assigned to fidencio

5 years ago

fidencio commented 5 years ago

PR: https://github.com/SSSD/sssd/pull/537

Metadata Update from @fidencio:
- Custom field patch adjusted to on

5 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.2

5 years ago

Metadata Update from @jhrozek:
- Issue tagged with: PR, bug

5 years ago

jhrozek commented 5 years ago

Fixed as a part of:
14b485b
885da2c
a73d70f
f405a4a
e5c74ab

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4680

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

fidencio

Tags

Blocking

None

Depending on

None

Priority

minor

Milestone

SSSD 1.16.2

type

None

component

None

version

None

selected

None

testsupdated

None

patch

rhbz

None

design_review

None

review

None

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#3660 confdb_expand_app_domains() always fails Closed: Fixed 5 years ago Opened 5 years ago by fidencio.

Metadata

PR bug

#3660 confdb_expand_app_domains() always fails

Closed: Fixed 5 years ago Opened 5 years ago by fidencio.