Learn more about these different git repos.
Other Git URLs
I was testing with id_provider = proxy and the files nss lib. When trying to login we do an initgroups_dyn call to determine the group list. This is done passing the user's primary group as an argument. In this case glibc skips the user's group when it looks it up, resulting in the call returning NSS_STATUS_NOTFOUND if the user is member only of that specific group. In this case we should not fail but simply consider that only group being available to be the user's primary group as returned by getpwnam.
As a temporary workaround I added the user to a new group and initgroups 'started working' again .
Fields changed
description: I was testing with id_provider = proxy and the files nss lib. When trying to login we do an initgroups_dyn call to determine the group list. This is done passing the user's primary group as an argument. In this case glibc skips the user's group when it looks it up, resulting in the call returning NSS_STATUS+NOTFOUND if the user is member only of that specific group. In this case we should not fail but simply consider that only group being available to be the user's primary group as returned by getpwnam.
As a temporary workaround I added the user to a new group and initgroups 'started working' again . => I was testing with id_provider = proxy and the files nss lib. When trying to login we do an initgroups_dyn call to determine the group list. This is done passing the user's primary group as an argument. In this case glibc skips the user's group when it looks it up, resulting in the call returning NSS_STATUS_NOTFOUND if the user is member only of that specific group. In this case we should not fail but simply consider that only group being available to be the user's primary group as returned by getpwnam.
owner: somebody => simo status: new => assigned
This patch is untested but should work.
patch: 0 => 1
new approach 0001-proxy-Allow-initgroup-to-return-NOTFOUND.patch
milestone: NEEDS_TRIAGE => SSSD 1.10.2
resolution: => fixed status: assigned => closed
rhbz: => 0
Metadata Update from @simo: - Issue assigned to simo - Issue set to the milestone: SSSD 1.10.2
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3093
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.