https://bugzilla.redhat.com/show_bug.cgi?id=869013 (Red Hat Enterprise Linux 6)
Description of problem:
A sudo rule node newly added to the LDAP server doesn't get noticed by sssd within smart refresh interval, only within full refresh interval.

Version-Release number of selected component (if applicable):
libsss_autofs-1.9.2-3.el6.x86_64
libsss_idmap-1.9.2-3.el6.x86_64
libsss_sudo-1.9.2-3.el6.x86_64
sssd-client-1.9.2-3.el6.x86_64
sssd-1.9.2-3.el6.x86_64

How reproducible:
Always.

Steps to Reproduce:
#
# Setup
#
service sssd stop
echo "ldap_sudo_smart_refresh_interval = 10" >> /etc/sssd/sssd.conf
echo "ldap_sudo_full_refresh_interval = 30" >> /etc/sssd/sssd.conf
rm /var/lib/sss/db/*.ldb
service sssd start
# Wait for the service to really come up,
# see https://fedorahosted.org/sssd/ticket/1357
# Without this delay the bug won't reproduce
sleep 3
check_sudo() { su user1 -c 'sudo -u user2 true' 2>/dev/null && echo ALLOWED || echo DENIED; }

#
# Test
#
check_sudo
ldapmodify -x -h server -D 'cn=Directory Manager' -w Secret123 -a <<EOF
dn: cn=test,ou=Sudoers,dc=example,dc=com
cn: test
objectClass: top
objectClass: sudoRole
sudoOption: !authenticate
sudoUser: ALL
sudoHost: ALL
sudoCommand: ALL
sudoRunAsUser: ALL
EOF
check_sudo; sleep 12; check_sudo; sleep 10; check_sudo; sleep 10; check_sudo

#
# Teardown
#
unset check_sudo
service sssd stop
grep -v 'ldap_sudo_\(smart\|full\)_refresh_interval' /etc/sssd/sssd.conf > /etc/sssd/sssd.conf.new
mv /etc/sssd/sssd.conf{.new,}
chmod 0600 /etc/sssd/sssd.conf
ldapdelete -x -h server -D 'cn=Directory Manager' -w Secret123 cn=test,ou=Sudoers,dc=example,dc=com
rm /var/lib/sss/db/*.ldb
service sssd start

Actual results:
DENIED DENIED DENIED DENIED ALLOWED

Expected results:
DENIED DENIED ALLOWED ALLOWED ALLOWED
Fields changed
blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => pbrezina
patch: 0 => 1
status: new => assigned
testsupdated: => 0

milestone: NEEDS_TRIAGE => SSSD 1.9.3
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to pbrezina - Issue set to the milestone: SSSD 1.9.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2638
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.