#3706 Hide debug message domain not found for well known sid
Closed: Fixed a year ago Opened a year ago by pbrezina.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1565761

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
Some SID which are well known & static should not be lookup in AD example https

lookups of these well-known SIDs should not be necessary (due to the static
nature, the data could be buillt-on for faster lookups)

We see entries like

[sdap_ad_tokengroups_get_posix_members] (0x0080): Domain not found for SID

Grep for identical entries reveals the full list of well-known SIDs with logs
entries as follows:


Looks this code will fix the issue:
sdap_ad_save_group_membership_with_idmapping(){ ./src/providers/ldap/sdap_async_initgroups_ad.c
const char domptr;
const char
if(well_known_sid_to_name(sid,&domptr, &nameptr) != EOK){ <<<<<<<
domain = sss_get_domain_by_sid_ldap_fallback(user_dom, sid);
if (domain == NULL) {
DEBUG(SSSDBG_MINOR_FAILURE, "Domain not found for SID %s\n", sid);
} <<<<<<<

But need to test it.

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.2
- Issue tagged with: easyfix

a year ago

@amitkumar25nov yes, I think something like this, although I think it might be better to only call the well_known function in the fail handler to avoid printing the debug message, otherwise we would convert the sid to name needlessly.

It might be cleanest to add is_well_known_sid function, but I'm not sure if it's worth extending the API because of this single use-case..

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1565761

a year ago

Metadata Update from @jhrozek:
- Issue tagged with: PR, bug

a year ago

Metadata Update from @jhrozek:
- Issue assigned to jhrozek

a year ago

Metadata Update from @jhrozek:
- Issue priority set to: minor

a year ago

Metadata Update from @fidencio:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.