#1136 Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup.
Closed: Fixed None Opened 12 years ago by jhrozek.

https://bugzilla.redhat.com/show_bug.cgi?id=772297

Description of problem:
SSSD fails to update if all nisNetgroupTriple/memberNisNetgroup entries are
deleted from the netgroup on the ldap server.

Version-Release number of selected component (if applicable):
sssd-1.5.1-66.el6_2.1

How reproducible:
Always

Steps to Reproduce:
1. Originally:
# ldapsearch -x -LLL -b "dc=example,dc=com" cn=Users
dn: cn=Users,ou=Netgroup,dc=example,dc=com
objectClass: nisNetgroup
objectClass: top
cn: Users
nisNetgroupTriple: (host1.example.com,user1,example.com)
nisNetgroupTriple: (host2.example.com,user2,example.com)
nisNetgroupTriple: (host3.example.com,user2,example.com)
description: All users in my organization

# getent -s sss netgroup Users
Users                 (host1.example.com, user1, example.com)
(host2.example.com, user2, example.com) (host3.example.com, user2, example.com)

2. After deleting all nisNetgroupTriple from the netgroup on the ldap server:
# ldapsearch -x -LLL -b "dc=example,dc=com" cn=Users
dn: cn=Users,ou=Netgroup,dc=example,dc=com
objectClass: nisNetgroup
objectClass: top
cn: Users
description: All users in my organization

3. After 120 secs:
# getent -s sss netgroup Users
Users                 (host1.example.com, user1, example.com)
(host2.example.com, user2, example.com) (host3.example.com, user2, example.com)


Actual results:
Looking up the netgroup still shows all the deleted entries.

Deleting one or more nisNetgroupTriple or memberNisNetgroup entries updates
properly after entry_cache_timeout. The issue is reproducible only when all the
entries are deleted.

Expected results:
Netgroup lookup shouldn't show the deleted entries.

Additional info:
1. sssd.conf domain section:
[domain/LDAP]
debug_level = 9
id_provider = ldap
ldap_uri = ldap://lion.lab.eng.pnq.redhat.com
ldap_search_base = ou=Netgroup,dc=example,dc=com
ldap_tls_cacert = /etc/openldap/cacerts/server.pem
enumerate = true
cache_credentials = true
entry_cache_timeout = 120
ldap_purge_cache_timeout = 10

2. domain log shows:
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [be_get_account_info] (4): Got
request for [4100][1][name=Users]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_id_op_connect_step] (9):
reusing cached connection
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (6):
calling ldap_search_ext with
[(&(cn=Users)(objectclass=nisNetgroup))][ou=Netgroup,dc=example,dc=com].
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7):
Requesting attrs: [objectClass]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7):
Requesting attrs: [cn]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7):
Requesting attrs: [memberNisNetgroup]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7):
Requesting attrs: [nisNetgroupTriple]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7):
Requesting attrs: [nsUniqueId]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (7):
Requesting attrs: [modifyTimestamp]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_step] (8):
ldap_search_ext called, msgid = 14
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace:
sh[0x864c20], connected[1], ops[0x868d00], ldap[0x869910]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_parse_entry] (9): OriginalDN:
[cn=Users,ou=Netgroup,dc=example,dc=com].
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace:
sh[0x864c20], connected[1], ops[0x868d00], ldap[0x869910]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): Search
result: Success(0), (null)
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_generic_done] (7): Total
count [0]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_get_netgroups_process] (6):
Search for netgroups, returned 1 results.
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [netgr_translate_members_send] (7):
Missing netgroup members.
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [netgr_translate_members_send] (9):
No DNs found among netgroup members.
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_save_netgroup] (7): Adding
original DN [cn=Users,ou=Netgroup,dc=example,dc=com] to attributes of [Users].
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_save_netgroup] (7): No
netgroup triples for netgroup [Users].
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_save_netgroup] (7): No
original members for netgroup [Users]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_save_netgroup] (7): No
members for netgroup [Users]
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sdap_save_netgroup] (6): Storing
info for netgroup Users
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): start ldb transaction
(nesting: 0)
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): start ldb transaction
(nesting: 1)
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Added timed
event "ltdb_callback": 0x87f860

(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Added timed
event "ltdb_timeout": 0x87f980

(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Destroying timer
event 0x87f980 "ltdb_timeout"

(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Ending timer
event 0x87f860 "ltdb_callback"

(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): cancel ldb transaction
(nesting: 1)
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [sysdb_add_basic_netgroup] (6):
Error: 17 (File exists)
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): start ldb transaction
(nesting: 1)
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Added timed
event "ltdb_callback": 0x880040

(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Added timed
event "ltdb_timeout": 0x87f0d0

(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Destroying timer
event 0x87f0d0 "ltdb_timeout"

(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): tevent: Ending timer
event 0x880040 "ltdb_callback"

(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): commit ldb transaction
(nesting: 1)
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [ldb] (9): commit ldb transaction
(nesting: 0)
(Fri Jan  6 20:22:12 2012) [sssd[be[LDAP]]] [netgr_translate_members_done] (9):
Saving 1 Netgroups - Done
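
A check for the condition reported above, added here as an example and not part of the original ticket or the SSSD code base: it compares the triples in `ldapsearch -LLL` output with those in `getent -s sss netgroup` output and prints any triple the cache still serves after the directory has dropped it. The function names and the `check_netgroup` wrapper are hypothetical; the sample input is taken from steps 2 and 3 of the report.

```shell
#!/bin/sh
# Added example: flag netgroup triples that SSSD still serves but LDAP no longer has.

# nisNetgroupTriple values from `ldapsearch -LLL` output, one "host,user,domain" per line.
ldif_triples() {
    sed -n 's/^nisNetgroupTriple:[[:space:]]*(\(.*\))[[:space:]]*$/\1/p' | tr -d ' ' | sort -u
}

# Triples from `getent netgroup` output, which may wrap across lines.
getent_triples() {
    tr '\n' ' ' | grep -o '([^)]*)' | tr -d '() ' | sort -u
}

# stale_triples LDIF GETENT: print triples present in the cache but absent from
# the directory. An entry with no triples at all (the case in this ticket)
# yields an empty directory set, so every cached triple is reported.
stale_triples() {
    {
        printf '%s\n' "$1" | ldif_triples   | sed 's/^/D /'
        printf '%s\n' "$2" | getent_triples | sed 's/^/C /'
    } | awk '$1 == "D" { dir[$2] = 1; next }
             $1 == "C" && !($2 in dir) { print $2 }'
}

# Live check (hypothetical wrapper around the two commands used in the ticket).
check_netgroup() {   # usage: check_netgroup NAME SEARCH_BASE
    ldif=$(ldapsearch -x -LLL -o ldif-wrap=no -b "$2" "cn=$1") || return 2
    cached=$(getent -s sss netgroup "$1")
    stale=$(stale_triples "$ldif" "$cached")
    [ -z "$stale" ] || { printf 'stale: %s\n' $stale; return 1; }
}

# Sample input copied from steps 2 and 3 of the report.
SAMPLE_LDIF='dn: cn=Users,ou=Netgroup,dc=example,dc=com
objectClass: nisNetgroup
objectClass: top
cn: Users
description: All users in my organization'
SAMPLE_GETENT='Users                 (host1.example.com, user1, example.com)
(host2.example.com, user2, example.com) (host3.example.com, user2, example.com)'
stale_triples "$SAMPLE_LDIF" "$SAMPLE_GETENT"
```

Run the live check only after entry_cache_timeout has elapsed since the directory change, since a difference inside that window is expected caching rather than this bug.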

Fields changed

blockedby: =>
blocking: =>
coverity: =>
milestone: NEEDS_TRIAGE => SSSD 1.8.0
owner: somebody => jzeleny
patch: => 0
tests: => 0
testsupdated: => 0
upgrade: => 0

Fields changed

feature_milestone: =>
patch: 0 => 1
status: new => assigned

Fixed by:
- master
- 277a018
- 3ff729e
- sssd-1-8
- 720396b
- 343177b

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jzeleny
- Issue set to the milestone: SSSD 1.8.0 (LTM)

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2178

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
