#4143 Cannot split netgroup triple
Closed: Invalid a year ago by sergeysurnin. Opened a year ago by sergeysurnin.

sssd-ldap-1.16.4-21.el7_7.1.x86_64

sssd.conf

[sssd]
domains = ciaso.local
services = nss, pam, sudo, ssh

[sudo]
[ssh]

[nss]
debug_level=8

[pam]

[domain/ciaso.local]
debug_level = 8
ldap_id_mapping = true
ldap_user_objectsid = objectSid
ldap_group_objectsid = objectSid
ldap_user_primary_group = primaryGroupID
case_sensitive = false
fallback_homedir = /home/%u/
default_shell = /bin/bash
ldap_referrals = False
cache_credentials = true
enumerate = False
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap
ldap_id_use_start_tls = True
ldap_tls_reqcert = demand
ldap_default_bind_dn = CN=aduser,CN=Users,DC=ciaso,DC=local
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = asdasdasd
ldap_schema = rfc2307bis
ldap_user_search_base = dc=ciaso,dc=local
ldap_user_object_class = user
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_search_base = dc=ciaso,dc=local
ldap_group_object_class = group
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = True
krb5_realm = CIASO.LOCAL
krb5_canonicalize = False
ldap_user_name = sAMAccountName
ldap_access_filter = memberOf=CN=Jet_admins,CN=Users,DC=ciaso,DC=local
ldap_access_order = filter
ldap_group_member = member

Trying getent netgroup test321
[root@asd]# getent netgroup test321
test321

sssd_nss.log
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_set_plugin] (0x2000): CR #1: Setting "Netgroup by name" plugin
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_send] (0x0400): CR #1: New request 'Netgroup by name'
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_process_input] (0x0400): CR #1: Parsing input name [test321]
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'test321' matched without domain, user is test321
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_set_name] (0x0400): CR #1: Setting name [test321]
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_select_domains] (0x0400): CR #1: Performing a multi-domain search
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_search_domains] (0x0400): CR #1: Search will check the cache and check the data provider
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_validate_domain_type] (0x2000): Request type POSIX-only for domain ciaso.local type POSIX is valid
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_set_domain] (0x0400): CR #1: Using domain [ciaso.local]
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_prepare_domain_data] (0x0400): CR #1: Preparing input data for domain [ciaso.local] rules
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_search_send] (0x0400): CR #1: Looking up test321@ciaso.local
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #1: Checking negative cache for [test321@ciaso.local]
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/NETGR/ciaso.local/test321]
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #1: [test321@ciaso.local] is not present in negative cache
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_search_cache] (0x0400): CR #1: Looking up [test321@ciaso.local] in cache
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_search_send] (0x0400): CR #1: Object found, but needs to be refreshed.
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_search_dp] (0x0400): CR #1: Looking up [test321@ciaso.local] in data provider
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x55fb0e5db520:4:test321@ciaso.local]
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [ciaso.local][0x4][BE_REQ_NETGROUP][name=test321:-]
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x55fb0f4e8f30
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x55fb0e5db520:4:test321@ciaso.local]
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x55fb0f4e8f30
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_search_cache] (0x0400): CR #1: Looking up [test321@ciaso.local] in cache
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_search_ncache_filter] (0x0400): CR #1: This request type does not support filtering result by negative cache
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_search_done] (0x0400): CR #1: Returning updated object [test321@ciaso.local]
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_create_and_add_result] (0x0400): CR #1: Found 1 entries in domain ciaso.local
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x55fb0e5db520:4:test321@ciaso.local]
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [cache_req_done] (0x0400): CR #1: Finished: Success
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sysdb_netgr_to_entries] (0x0040): Cannot split netgroup triple [test1,test2,ciaso], this attribute will be skipped
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [nss_endent] (0x0100): Resetting enumeration state
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Wed Jan 22 20:50:47 2020) [sssd[nss]] [client_close_fn] (0x2000): Terminated client [0x55fb0f4f4240][21]


Hi,

(Wed Jan 22 20:50:47 2020) [sssd[nss]] [sysdb_netgr_to_entries] (0x0040): Cannot split netgroup triple [test1,test2,ciaso], this attribute will be skipped

It is expected to have braces around the triple, can you change the LDAP entry to (test1,test2,ciaso) ?

HTH

bye,
Sumit

Metadata Update from @sergeysurnin:
- Issue close_status updated to: Invalid
- Issue status updated to: Closed (was: Open)

a year ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/5101

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata