Learn more about these different git repos.
Other Git URLs
Create user with few aliases
dn: uid=User_CS2,ou=Users,dc=example,dc=com objectClass: account objectClass: posixAccount objectClass: extensibleObject cn: User_CS2 uidNumber: 1111112 gidNumber: 1111112 homeDirectory: /home/User_CS2 loginShell: /bin/bash uid: User_CS2 uid: User_CS2_Alias
Authenticate twice within pam_id_timeout timeout (5 seconds by default) Expected result: Both attempts should pass Actual result: The 2nd attempt fails
It is possible that there is a simpler reproducer:
cat << EOF > /etc/pam.d/sssdproxyldap auth required pam_ldap.so account required pam_ldap.so password required pam_ldap.so session required pam_ldap.so EOF cat <<EOF > /etc/pam_ldap.conf base $DS_BASE_DN pam_password md5 host $SERVER tls_cacertfile /etc/openldap/certs/cacert.asc EOF cat <<EOF > /etc/nslcd.conf uid nslcd gid ldap uri ldap://$SERVER base $DS_BASE_DN ignorecase yes EOF service nslcd restart cat <<EOF >/etc/sssd/sssd.cong [sssd] services = nss, pam domains = PROXY [domain/PROXY] id_provider = proxy proxy_lib_name = ldap proxy_pam_target = sssdproxyldap case_sensitive = preserving EOF
ldbsearch after 1st authentication
[root@host sssd]# ldbsearch -H /var/lib/sss/db/cache_PROXY.ldb -b cn=users,cn=PROXY,cn=sysdb nameAlias name # record 1 dn: name=User_CS2@proxy,cn=users,cn=PROXY,cn=sysdb name: User_CS2@proxy nameAlias: user_cs2 nameAlias: user_cs2@proxy
ldbsearch after 2nd authentication
[root@host sssd]# ldbsearch -H /var/lib/sss/db/cache_PROXY.ldb -b cn=users,cn=PROXY,cn=sysdb nameAlias name # record 1 dn: name=User_CS2@proxy,cn=users,cn=PROXY,cn=sysdb name: User_CS2@proxy nameAlias: user_cs2 nameAlias: user_cs2_alias@proxy
Fields changed
summary: sssd is not able to authentica with alias => sssd is not able to authenticate with alias
owner: somebody => fidencio
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1368496
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1368496 1368496]
milestone: NEEDS_TRIAGE => SSSD 1.14.2 priority: major => critical
patch: 0 => 1
master
resolution: => fixed status: new => closed
Metadata Update from @lslebodn: - Issue assigned to fidencio - Issue set to the milestone: SSSD 1.14.2
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4167
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.