#9295 Nightly test failure (sssd) in test_trust.py::TestNonPosixAutoPrivateGroup and test_trust.py::TestPosixAutoPrivateGroup
Closed: fixed 5 months ago by frenaud. Opened 2 years ago by frenaud.


The nightly tests detected a regression when using the nightly build of sssd master branch.
Failing tests:

  • test_trust.py::TestNonPosixAutoPrivateGroup::test_idoverride_with_auto_private_group[hybrid]
  • test_trust.py::TestPosixAutoPrivateGroup::test_only_uid_number_auto_private_group_default[true]

The regression was seen with PR #2251, with the following logs and report:

self = <ipatests.test_integration.test_trust.TestNonPosixAutoPrivateGroup object at 0x7fa8319aaa10>
type = 'hybrid'

    @pytest.mark.parametrize('type', ['hybrid', 'true', "false"])
    def test_idoverride_with_auto_private_group(self, type):
        Override ad trusted user in default trust view
        and set auto-private-groups=[hybrid,true,false]
        and ensure that overridden values takes effect.
        nonposixuser = "nonposixuser@%s" % self.ad_domain
        with self.set_idoverrideuser(nonposixuser,
>           (uid, gid) = self.get_user_id(self.clients[0], nonposixuser)

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
test_integration/test_trust.py:138: in get_user_id
    test_id = host.run_command(["id", username])
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <ipatests.pytest_ipa.integration.host.Host client0.ipa.test (client)>
argv = ['id', 'nonposixuser@ad.test'], set_env = True, stdin_text = None
log_stdout = True, raiseonerr = True, cwd = None, bg = False, encoding = 'utf-8'
ok_returncode = 0

    def run_command(self, argv, set_env=True, stdin_text=None,
                    log_stdout=True, raiseonerr=True,
                    cwd=None, bg=False, encoding='utf-8', ok_returncode=0):
        """Wrapper around run_command to log stderr on raiseonerr=True

        :param ok_returncode: return code considered to be correct,
                              you can pass an integer or sequence of integers
        result = super().run_command(
            argv, set_env=set_env, stdin_text=stdin_text,
            log_stdout=log_stdout, raiseonerr=False, cwd=cwd, bg=bg,
        # in FIPS mode SSH may print noise to stderr, remove the string
        # "FIPS mode initialized" + optional newline.
        result.stderr_bytes = FIPS_NOISE_RE.sub(b'', result.stderr_bytes)
            result_ok = result.returncode in ok_returncode
        except TypeError:
            result_ok = result.returncode == ok_returncode
        if not result_ok and raiseonerr:
            result.log.error('stderr: %s', result.stderr_text)
>           raise subprocess.CalledProcessError(
                result.returncode, argv,
                result.stdout_text, result.stderr_text
E           subprocess.CalledProcessError: Command '['id', 'nonposixuser@ad.test']' returned non-zero exit status 1.

pytest_ipa/integration/host.py:202: CalledProcessError
 ------------------------------Captured stderr call------------------------------ 
ipa: ERROR: stderr: id: ‘nonposixuser@ad.test’: no such user

Test scenario:

  • configure IPA with a trust to AD
  • set an override for the AD user (force uid and gid) in the Default Trust View
  • configure the range with auto-private-group=hybrid
  • resolve the ad user on the master with id nonposixuser@ad.test: the user is properly resolved:
master# id nonposixuser@ad.test
uid=99999999(nonposixuser@ad.test) gid=78878787(idgroup) groups=78878787(idgroup),517400513(domain users@ad.test)
  • same op on an IPA client fails:
client0# id nonposixuser@ad.test
id: ‘nonposixuser@ad.test’: no such user

The test was successful the previous week (PR #2232 - report) with sssd-client-2.9.0-0.221125.122823.git4a6eb258c.fc37.x86_64.

The failure was seen with sssd-client-2.9.0-0.221205.102345.git8b09c9387.fc37.x86_64.

Commits between the 2 hashes:

8b09c9387e55b177d6b1ec65afe65e354e19b96b Translations: add missing `tools/sssctl/sssctl_cert.c` and macros
664a436e9ce758554938183d1475e7353020e495 Test: gssapi test fix
80690213f25855eecfa5345f43af37226bc34458 po: update translations
b0bdf712eb632f94e9925d32fb703bdfd574e11d certmap: Add documentation for some internal functions
882f560e68a881a95d7f66745a3530176bdd0a66 certmap: add LDAPU1 rules to man page
4ac53fb5ef95cd2c94f076299aa4d3213c3c9be6 certmap: add tests for new attributes and LDAPU1 rules
1303c6241bb27ef902787dcd526aeaae3417063a certmap: add LDAPU1 mapping rules
0a906107322fffc17757480f9e540796f9f181ce certmap: dump new attributes in sss_cert_dump_content()
3676a4fba473b93df2b32fb143ef0b261d04d9f6 certmap: add get_digest_list() and get_hash()
11483f1ec046f1062df68f1544e49fd59473084e sssctl: add cert-eval-rule sub-command
c4085c9a7d1ec54c1b830583128148a0c7b807d8 certmap: add bin_to_hex() helper function
f293507d9f6efda9908a3ec971ce7f4eac284ae1 certmap: fix for SAN URI
9e1b711b2611e7390bcbcd4a9682dd18e71c3d72 certmap: add support for SID extension
10d977a3675a8145314edea0bebd7b9ac01eda89 certamp: add support for subject key id
3f8bc8720ff871490c6a6233b1a21bc1d2018cf1 certmap: add support for serial number
e4dd11f2c2cd59031f904a1e30ed5b67edbdd54f SYSDB: pre-existence of MPG group in the cache isn't an error
ad0a8c6a33ea5bbad8058112b95bef00bb76d5c9 Tests: fix test_sssctl_local.py::Testsssctl::test_0002_bz1599207
51b11db8b99a77ba5ccf6f850c2e81b5a6ee9f79 pac: relax default check
b3d7a4f6d4e1d4fa1bd33b296cd4301973f1860c ipa: do not add guessed principal to the cache
91789449b7a8b20056e1edfedd8f8cf92f7a0a2a PAC: allow to disable UPN check
340691fae95a2fc66c85d5da8db14f227b2c88a8 MAN: Fix option typo on sssd-kcm.8
fc3fad982e39d560a80c1a8b922455a190718cb7 Tests: Fix automount OU removal from AD.


  • 3bba254 ipatests: mark known failures for autoprivategroup


  • e2b0843 ipatests: mark known failures for autoprivategroup

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

a year ago

Metadata Update from @frenaud:
- Issue status updated to: Open (was: Closed)

a year ago

I'm re-opening the issue, the above commits marked the tests as xfail but the issue is still present.


  • dfb5099 ipatests: remove xfail thanks to sssd 2.9.4
  • 908ef6a ipatests: add xfail for autoprivate group test with override


  • b00fd30 ipatests: remove xfail thanks to sssd 2.9.4
  • ed2a8eb ipatests: add xfail for autoprivate group test with override


  • d539230 ipatests: remove xfail thanks to sssd 2.9.4
  • 5376bf6 ipatests: add xfail for autoprivate group test with override

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 months ago

The 2 tests are now passing with sssd 2.9.4-1

Log in to comment on this ticket.