#3660 confdb_expand_app_domains() always fails
Closed: Fixed a year ago Opened a year ago by fidencio.

confdb_expand_app_domains() always fails due to a failure in ldb_wait() (called from confdb_merge_parent_domain()).

This issue has never been noticed before because the confdb is actually expanded (see record #5 below) and in the monitor code (the only place where this function is called) ignores any error coming from this function.

[root@client ~]# systemctl stop sssd
[root@client ~]# rm -rf /var/lib/sss/db/*
[root@client ~]# rm -rf /var/log/sssd/*
[root@client ~]# systemctl start sssd
[root@client ~]# grep --color "Failed to expand application domains" /var/log/sssd/*
/var/log/sssd/sssd.log:(Wed Mar  7 10:42:18:520156 2018) [sssd] [get_monitor_config] (0x0010): Failed to expand application domains
[root@client ~]# ldbsearch -H /var/lib/sss/db/config.ldb 
server_sort:Unable to register control with rootdse!
# record 1
dn: cn=sssd,cn=config
cn: sssd
debug_level: 9
domains: ipa.example, domtest, apptest
services: nss, pam, ssh, sudo
distinguishedName: cn=sssd,cn=config

# record 2
dn: cn=config
version: 2
lastUpdate: 1520419302
distinguishedName: cn=config

# record 3
dn: cn=ipa.example,cn=domain,cn=config
access_provider: ipa
auth_provider: ipa
cache_credentials: True
chpass_provider: ipa
cn: ipa.example
id_provider: ipa
ipa_domain: ipa.example
ipa_hostname: client.ipa.example
ipa_server: _srv_, master.ipa.example
krb5_store_password_if_offline: True
ldap_tls_cacert: /etc/ipa/ca.crt
distinguishedName: cn=ipa.example,cn=domain,cn=config

# record 4
dn: cn=nss,cn=config
cn: nss
homedir_substring: /home
distinguishedName: cn=nss,cn=config

# record 5
dn: cn=apptest,cn=domain,cn=config
cn: apptest
domain_type: application
id_provider: ldap
ldap_search_base: dc=example,dc=com
ldap_uri: ldap://ldap.example.com
inherit_from: domtest
distinguishedName: cn=apptest,cn=domain,cn=config

# record 6
dn: cn=domtest,cn=domain,cn=config
cn: domtest
id_provider: ldap
ldap_search_base: dc=example,dc=com
ldap_uri: ldap://ldap.example.com
distinguishedName: cn=domtest,cn=domain,cn=config

# record 7
dn: cn=sudo,cn=config
cn: sudo
distinguishedName: cn=sudo,cn=config

# record 8
dn: cn=ssh,cn=config
cn: ssh
distinguishedName: cn=ssh,cn=config

# record 9
dn: cn=autofs,cn=config
cn: autofs
distinguishedName: cn=autofs,cn=config

# record 10
dn: cn=ifp,cn=config
cn: ifp
distinguishedName: cn=ifp,cn=config

# record 11
dn: cn=secrets,cn=config
cn: secrets
distinguishedName: cn=secrets,cn=config

# record 12
dn: cn=pac,cn=config
cn: pac
distinguishedName: cn=pac,cn=config

# record 13
dn: cn=pam,cn=config
cn: pam
distinguishedName: cn=pam,cn=config

# record 14
dn: cn=apptest,cn=application,cn=config
cn: apptest
inherit_from: domtest
distinguishedName: cn=apptest,cn=application,cn=config

# record 15
dn: cn=session_recording,cn=config
cn: session_recording
distinguishedName: cn=session_recording,cn=config

# returned 15 records
# 15 entries
# 0 referrals

Metadata Update from @fidencio:
- Issue assigned to fidencio

a year ago

Metadata Update from @fidencio:
- Custom field patch adjusted to on

a year ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.2

a year ago

Metadata Update from @jhrozek:
- Issue tagged with: PR, bug

a year ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.