#622 initgroups() does not work with rfc2307 (memberuid) groups
Closed: Fixed None Opened 10 years ago by ralf.

When using rfc2307 groups I see this in the LDAP provider logs when running "id <username>":

Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(memberuid=ldapuser1)(objectclass=posixGroup))][dc=libvirt-default,dc=site].
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): Requesting attrs: [cn]
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [ldap_search_ext_try] (4): calling ldap_search_ext()
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [ldap_search_ext_try] (4): ldap_search_ext() succeeded, msgid = 8
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x6792c0], connected[1], ops[0x68fa30], ldap[0x679a20]
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: ldap_result found nothing!
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x6792c0], connected[1], ops[0x68fa30], ldap[0x679a20]
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_parse_entry] (9): OriginalDN: [cn=memberuid1,ou=group,dc=libvirt-default,dc=site].
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_parse_entry] (1): Unknown entry type, no objectClasses found!
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_get_generic_done] (1): sdap_parse_generic_entry failed.
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_get_initgr_done] (9): Initgroups done

The id output is incomplete (it only shows the primary group).


This looks like a misconfiguration on the server side. Can you please include the complete LDAP entry for memberuid1?

From the log you posted:

(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_parse_entry] (9): OriginalDN: [cn=memberuid1,ou=group,dc=libvirt-default,dc=site].
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_parse_entry] (1): Unknown entry type, no objectClasses found!

Replying to [comment:1 sgallagh]:

This looks like a misconfiguration on the server side. Can you please include the complete LDAP entry for memberuid1?

here it is:

dn: cn=memberuid1,ou=group,dc=libvirt-default,dc=site
objectClass: posixGroup
memberUid: ldapuser1
gidNumber: 5000
cn: memberuid1?

From the log you posted:
{{{
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_parse_entry] (9): OriginalDN: [cn=memberuid1,ou=group,dc=libvirt-default,dc=site].
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_parse_entry] (1): Unknown entry type, no objectClasses found!
}}}

Note that from the LDAP server only the "cn" attribute is requested. So it is no wonder that sssd doesn't find any objectclasses in the returned entry:

Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(memberuid=ldapuser1)(objectclass=posixGroup))][dc=libvirt-default,dc=site].
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): Requesting attrs: [cn]

If sssd really needs to read the objectclass, it should request it from the server. I also checked the server side logs. The client does really only request "cn". And the server returns the correct object to the client.

Hmm, good eye. I missed that. Yeah, that looks like a bug.
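Added example (not part of the ticket and not SSSD code): a small triage script that pairs each "no objectClasses found" parse failure in an SSSD LDAP backend log with the search that produced it, and reports whether the client requested objectClass at all. The function and field names are hypothetical, and it assumes SSSD logs one "Requesting attrs" line per requested attribute; the sample input is built from the log lines quoted in this ticket.

```python
import re

LINE = re.compile(r"^\(?[^)]*\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
                  r"\[(?P<func>\w+)\] \((?P<level>\d+)\): (?P<msg>.*)$")
SEARCH = re.compile(r"calling ldap_search_ext with \[(?P<filter>.*)\]\[(?P<base>.*)\]\.$")
ATTR = re.compile(r"Requesting attrs: \[(?P<attr>[^\]]+)\]")
DN = re.compile(r"OriginalDN: \[(?P<dn>.*)\]\.$")
PARSE_FAIL = "no objectClasses found"

# Constructed sample: log lines as quoted in the ticket (first one lacks the "(").
SAMPLE_LOG = """\
Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(memberuid=ldapuser1)(objectclass=posixGroup))][dc=libvirt-default,dc=site].
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_get_generic_send] (7): Requesting attrs: [cn]
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_parse_entry] (9): OriginalDN: [cn=memberuid1,ou=group,dc=libvirt-default,dc=site].
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_parse_entry] (1): Unknown entry type, no objectClasses found!
(Fri Sep 10 16:47:35 2010) [sssd[be[LDAP]]] [sdap_get_initgr_done] (9): Initgroups done
"""


def find_unparsed_entries(log_text):
    """Return one finding per entry rejected for lacking objectClass."""
    findings, search, dn = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if s := SEARCH.search(msg):
            # A new search starts: remember its filter and collect its attrs.
            search = {"filter": s["filter"], "base": s["base"], "attrs": []}
            dn = None
        elif (a := ATTR.search(msg)) and search is not None:
            search["attrs"].append(a["attr"])
        elif d := DN.search(msg):
            dn = d["dn"]
        elif PARSE_FAIL in msg and search is not None:
            requested = {x.lower() for x in search["attrs"]}
            findings.append({
                "domain": m["domain"], "dn": dn, "filter": search["filter"],
                "attrs": list(search["attrs"]),
                # True: the client never asked for objectClass, so the server
                # entry is fine and the fault is in the request. If no attrs
                # were logged at all, no conclusion is drawn.
                "client_omitted_objectclass": bool(requested)
                and "objectclass" not in requested and "*" not in requested,
            })
    return findings
```

A finding with client_omitted_objectclass set points at the client's attribute list rather than the directory entry, which matters because a user whose supplementary groups are silently dropped ends up with different effective access than the directory defines.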

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.2.4

Fields changed

owner: somebody => sgallagh
status: new => assigned

Fixed by 7fce06b

fixedin: => 1.4.0
resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @ralf:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.2.4

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1664

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
