[description of the issue] The fix for #8044 in commit 9fe984f replaced the LDAP_NO_SUCH_OBJECT error code at two places where it was actually correct. As a result, lookups for UIDs or GIDs will return the generic LDAP_OPERATIONS_ERROR to clients if the UID or GID is coming from a different domain than the requested one. Since the given UID or GID does not exist in the domain, LDAP_NO_SUCH_OBJECT is the right return code and would help the client to act accordingly.
getent passwd UID_of_an_IPA_user
getent group GID_Of-IPA_group
With debug_level = 9 in the sssd_nss.log messages like Data Provider Error: 3, 1432158230, Network I/O Error and in the backend log messages like ldap_extended_operation result: Operations error(1), Failed to handle the request. can be seen.
The NSS responder and backend logs should just indicate that the given UID or GID is not present in the given domain.
ipa-4.6 and above, all versions where the fix for #8044 was applied.
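A triage sketch for the symptom described above, added here as an example and not taken from the issue or from the FreeIPA or SSSD code: it looks for the two messages quoted in the report and pairs the ones logged within a few seconds of each other. The sample lines, their timestamp prefix, the `No such object(32)` line and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Message text quoted in the issue; everything else about the line layout is assumed.
NSS_SIG = "Data Provider Error: 3, 1432158230, Network I/O Error"
BE_SIG = ("ldap_extended_operation result: Operations error(1), "
          "Failed to handle the request.")

# Constructed sample lines; the "(timestamp): [component]" prefix is an assumption.
SAMPLE_NSS_LOG = """\
(2021-09-01 10:15:01): [nss] lookup started for a numeric id
(2021-09-01 10:15:02): [nss] Data Provider Error: 3, 1432158230, Network I/O Error
(2021-09-01 10:20:40): [nss] lookup started for a numeric id
"""
SAMPLE_BACKEND_LOG = """\
(2021-09-01 10:15:02): [be] ldap_extended_operation result: Operations error(1), Failed to handle the request.
(2021-09-01 10:20:41): [be] ldap_extended_operation result: No such object(32), (null).
"""


def hits(log_text, signature):
    """Return the timestamps of all lines that contain the signature."""
    found = []
    for line in log_text.splitlines():
        if signature in line and line.startswith("("):
            stamp = line[1:line.index(")")]  # text between the first "(" and ")"
            found.append(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"))
    return found


def correlate(nss_text, backend_text, window_s=2):
    """Pair each backend operations error with an NSS responder error
    logged within window_s seconds of it."""
    nss = hits(nss_text, NSS_SIG)
    pairs = []
    for be in hits(backend_text, BE_SIG):
        near = [n for n in nss if abs(n - be) <= timedelta(seconds=window_s)]
        if near:
            pairs.append((be, near[0]))
    return pairs


if __name__ == "__main__":
    for be, nss in correlate(SAMPLE_NSS_LOG, SAMPLE_BACKEND_LOG):
        print(f"backend operations error at {be} matches NSS error at {nss}")
```

A pair means the generic operations error reached the responder; the second backend line in the sample, which reports the object as missing, produces no pair.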
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2000261
Issue linked to Bugzilla: Bug 2000261
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2000261 https://bugzilla.redhat.com/show_bug.cgi?id=2000263 (was: https://bugzilla.redhat.com/show_bug.cgi?id=2000261)
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2000261 https://bugzilla.redhat.com/show_bug.cgi?id=2000263 https://bugzilla.redhat.com/show_bug.cgi?id=2000269 (was: https://bugzilla.redhat.com/show_bug.cgi?id=2000261 https://bugzilla.redhat.com/show_bug.cgi?id=2000263)
master:
ipa-4-6:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
ipa-4-8:
ipa-4-9: