#620 getgrouplist/initgroups does NOT work with LDAP backend when the requested user is not cached
Closed: Fixed None Opened 10 years ago by ralf.

The attached test programm produces only the expected output (the gids of all groups the user is member of) if the user being requested is already cached in the sysdb. Other wise it returns nothing. From the nss-responder logs:

(Fri Sep 10 16:13:41 2010) [sssd[nss]] [nss_cmd_initgroups] (4): Requesting info for [ldapuser1] from [<ALL>]
(Fri Sep 10 16:13:41 2010) [sssd[nss]] [nss_cmd_initgroups_search] (4): Requesting info for [ldapuser1@LDAP]
(Fri Sep 10 16:13:41 2010) [sssd[nss]] [ldb] (9): tevent: Added timed event "ltdb_callback": 0x64f5e0
(Fri Sep 10 16:13:41 2010) [sssd[nss]] [ldb] (9): tevent: Added timed event "ltdb_timeout": 0x654f50
(Fri Sep 10 16:13:41 2010) [sssd[nss]] [ldb] (9): tevent: Destroying timer event 0x654f50 "ltdb_timeout"
(Fri Sep 10 16:13:41 2010) [sssd[nss]] [ldb] (9): tevent: Ending timer event 0x64f5e0 "ltdb_callback"
(Fri Sep 10 16:13:41 2010) [sssd[nss]] [nss_cmd_initgroups_search] (1): Failed to make request to our cache!
(Fri Sep 10 16:13:41 2010) [sssd[nss]] [client_recv] (5): Client disconnected!

No LDAP request is being performed. Find the complete logs attached.


Here's the relevant section from I configuration:

[domain/LDAP]
id_provider = ldap
ldap_schema = rfc2307bis
ldap_uri = ldap://factory.libvirt-default.site
ldap_search_base = dc=libvirt-default,dc=site
ldap_tls_reqcert = try
cache_credentials = false
enumerate = False

Fields changed

summary: getgrouplist/initgroups does work with LDAP backend when the requested user is not cached => getgrouplist/initgroups does NOT work with LDAP backend when the requested user is not cached

Updated the test program to accept an arbitrary username and to skip the erroneous group zero.

Compile:

gcc -o getgrouplist getgrouplist.c

Usage:

./getgrouplist <username>

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.2.4

Fields changed

owner: somebody => sgallagh
status: new => assigned

This bug does not exist in the 1.2 branch. Re-targeting to 1.4.0.

milestone: SSSD 1.2.4 => SSSD 1.4.0

Fixed by 1286160

fixedin: => 1.4.0
resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @ralf:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.4.0

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1662

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata