Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=801368 (Red Hat Enterprise Linux 6)
Description of problem: Members are not returned while looking up groups with proxy provider. Version-Release number of selected component (if applicable): sssd-1.8.0-11 How reproducible: Always Steps to Reproduce: 1. Add the following user and group in ldap: dn: uid=Kau7,ou=Users,dc=example,dc=com objectClass: account objectClass: posixAccount cn: Kau7 uidNumber: 7777 gidNumber: 7777 homeDirectory: /home/kau7 userPassword:: U2VjcmV0MTIz uid: Kau7_Alias uid: Kau7 dn: cn=Kau7_grp1,ou=Groups,dc=example,dc=com gidNumber: 7777 objectClass: posixGroup memberUid: kau7 cn: Kau7_grp1_Alias cn: Kau7_grp1 2. Configure sssd with following in domain section: [domain/PROXY] debug_level=0xFFF0 id_provider = proxy auth_provider = proxy proxy_lib_name = ldap proxy_pam_target = sssdproxyldap 3. Verify if nss_ldap is configured properly. Try to lookup the group directly from nss_ldap. # getent -s ldap group Kau7_grp1 Kau7_grp1:*:7777:kau7 4. Now lookup the group using nss_sss. # getent -s sss group Kau7_grp1 Kau7_grp1:*:7777: Actual results: Member is not returned for the group. Expected results: Member should be returned for the group. Additional info: 1. sssd_domain.log shows: (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [be_get_account_info] (0x0100): Got request for [4098][1][name=Kau7_grp1] (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [get_gr_name] (0x1000): Searching group by name (Kau7_grp1) (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [get_gr_name] (0x1000): Group Kau7_grp1 found: (Kau7_grp1, 7777) (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [save_group] (0x1000): Group Kau7_grp1 has 1 members! (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [sysdb_attrs_users_from_str_list] (0x4000): Adding 1 members to existing 0 ones (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [sysdb_attrs_users_from_str_list] (0x1000): member #0: [name=kau7,cn=users,cn=PROXY,cn=sysdb] 2. Also "id Kau7" gives appropriate output "uid=7777(Kau7) gid=7777(Kau7_grp1) groups=7777(Kau7_grp1)", but gives the following error in the logs: (Thu Mar 8 13:30:46 2012) [sssd[be[PROXY]]] [get_initgr_groups_process] (0x0040): proxy -> initgroups_dyn failed (29894464)[Unknown error 29894464] (Thu Mar 8 13:30:46 2012) [sssd[be[PROXY]]] [ldb] (0x4000): cancel ldb transaction (nesting: 0) (Thu Mar 8 13:30:46 2012) [sssd[be[PROXY]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,5,Internal Error (Memory buffer error)
Fields changed
blockedby: => blocking: => coverity: => feature_milestone: => milestone: NEEDS_TRIAGE => SSSD 1.8.1 (LTM) tests: => 0 testsupdated: => 0 upgrade: => 0
The memberuid has different case - "kau7", the user's CN is "Kau7". The domain is not marked as case insensitive either. Will investigate why this usecase works in nss_ldap but not sssd.
owner: somebody => jhrozek
Fixed by: - b6a8bde (master) - 091f57b (sssd-1-8)
patch: 0 => 1 resolution: => fixed status: new => closed
Metadata Update from @sgallagh: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.8.1 (LTM)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2283
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.