Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=733399
Description of problem: Unable to enumerate rfc2307bis group with non-default attribute names. Version-Release number of selected component (if applicable): sssd-1.5.1-47.el6 How reproducible: Always Steps to Reproduce: 1. Setup a ldap schema with non-default attribute names and add a user using those attribute names: Add a user-group with the following attributes: dn: uid=kau12,dc=example,dc=com objectClass: account objectClass: posixAccount1 cn1: kaushik12 uid1: kau12 uidNumber1: 121212 gidNumber1: 121212 homeDirectory1: /home/kau12 loginShell1: /bin/tcsh gecos1: GECOS TEST userPassword: XXXXX dn: cn=kau12_grp1,dc=example,dc=com gidNumber1: 121212 objectClass: extensibleObject objectClass: groupOfNames1 member1: uid=kau12,dc=example,dc=com cn1: kau12_grp1 2. Setup sssd with the following in domain section: [domain/LDAP] debug_level=9 id_provider = ldap ldap_tls_cacert=/etc/openldap/cacerts/server.pem ldap_uri = ldap://<ldap-server> ldap_search_base = dc=example,dc=com ldap_user_object_class = posixAccount1 ldap_user_name = uid1 ldap_user_uid_number = uidNumber1 ldap_user_gid_number = gidNumber1 ldap_user_gecos = gecos1 ldap_user_home_directory = homeDirectory1 ldap_user_shell = loginShell1 ldap_group_gid_number = gidNumber1 ldap_user_fullname = cn1 ldap_group_name = cn1 ldap_schema = rfc2307bis ldap_group_object_class = groupOfNames1 ldap_group_member = member1 3. Enumerate the user: # id kau12 uid=121212(kau12) gid=121212 groups=121212 4. Enumerate the group # getent -s sss group kau12_grp1 # Actual results: Unable to enumerate group /var/log/sssd/sssd_LDAP.log shows: <snip> (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (6): calling ldap_search_ext with [(&(cn1=kau12_grp1)(objectclass=groupOfNames1)(cn1=*)(&(gidNumber1=*)(!(gidNumber1=0))))][dc=example,dc=com]. (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [objectClass] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [cn1] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [userPassword] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [gidNumber1] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [member1] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [nsUniqueId] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [modifyTimestamp] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (8): ldap_search_ext called, msgid = 3 (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_id_op_connect_done] (9): caching successful connection after 1 notifies (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x81432a8], connected[1], ops[0x814cb58], ldap[0x81433b0] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: ldap_result found nothing! (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x81432a8], connected[1], ops[0x814cb58], ldap[0x81433b0] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_parse_entry] (9): OriginalDN: [cn=kau12_grp1,dc=example,dc=com]. (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x81432a8], connected[1], ops[0x814cb58], ldap[0x81433b0] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): Search result: Success(0), (null) (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_done] (7): Total count [0] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_groups_process] (6): Search for groups, returned 1 results. (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_nested_group_process_send] (9): The group's gid was missing (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_nested_group_process_send] (8): Marking group as non-posix and setting GID=0! </snip> Expected results: Enumeration of the group should work. Additional info:
Fields changed
coverity: => description: https://bugzilla.redhat.com/show_bug.cgi?id=733399
{{{ Description of problem: Unable to enumerate rfc2307bis group with non-default attribute names.
Version-Release number of selected component (if applicable): sssd-1.5.1-47.el6
How reproducible: Always
Steps to Reproduce: 1. Setup a ldap schema with non-default attribute names and add a user using those attribute names: Add a user-group with the following attributes:
dn: uid=kau12,dc=example,dc=com objectClass: account objectClass: posixAccount1 cn1: kaushik12 uid1: kau12 uidNumber1: 121212 gidNumber1: 121212 homeDirectory1: /home/kau12 loginShell1: /bin/tcsh gecos1: GECOS TEST userPassword: XXXXX
dn: cn=kau12_grp1,dc=example,dc=com gidNumber1: 121212 objectClass: extensibleObject objectClass: groupOfNames1 member1: uid=kau12,dc=example,dc=com cn1: kau12_grp1
Setup sssd with the following in domain section: [domain/LDAP] debug_level=9 id_provider = ldap ldap_tls_cacert=/etc/openldap/cacerts/server.pem ldap_uri = ldap://<ldap-server> ldap_search_base = dc=example,dc=com ldap_user_object_class = posixAccount1 ldap_user_name = uid1 ldap_user_uid_number = uidNumber1 ldap_user_gid_number = gidNumber1 ldap_user_gecos = gecos1 ldap_user_home_directory = homeDirectory1 ldap_user_shell = loginShell1 ldap_group_gid_number = gidNumber1 ldap_user_fullname = cn1 ldap_group_name = cn1 ldap_schema = rfc2307bis ldap_group_object_class = groupOfNames1 ldap_group_member = member1
Enumerate the user:
uid=121212(kau12) gid=121212 groups=121212
Actual results: Unable to enumerate group
/var/log/sssd/sssd_LDAP.log shows:
<snip> (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (6): calling ldap_search_ext with [(&(cn1=kau12_grp1)(objectclass=groupOfNames1)(cn1=)(&(gidNumber1=)(!(gidNumber1=0))))][dc=example,dc=com]. (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [objectClass] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [cn1] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [userPassword] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [gidNumber1] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [member1] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [nsUniqueId] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [modifyTimestamp] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (8): ldap_search_ext called, msgid = 3 (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_id_op_connect_done] (9): caching successful connection after 1 notifies (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x81432a8], connected[1], ops[0x814cb58], ldap[0x81433b0] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: ldap_result found nothing! (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x81432a8], connected[1], ops[0x814cb58], ldap[0x81433b0] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_parse_entry] (9): OriginalDN: [cn=kau12_grp1,dc=example,dc=com]. (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x81432a8], connected[1], ops[0x814cb58], ldap[0x81433b0] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): Search result: Success(0), (null) (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_generic_done] (7): Total count [0] (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_get_groups_process] (6): Search for groups, returned 1 results. (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_nested_group_process_send] (9): The group's gid was missing (Tue Aug 23 06:03:44 2011) [sssd[be[LDAP]]] [sdap_nested_group_process_send] (8): Marking group as non-posix and setting GID=0! </snip>
Expected results: Enumeration of the group should work.
Additional info: }}} => https://bugzilla.redhat.com/show_bug.cgi?id=733399
Additional info: }}}
patch: => 0 rhbz: => 733399 tests: => 0 testsupdated: => 0 upgrade: => 0
Accidentally duplicated ticket #975.
resolution: => duplicate status: new => closed
rhbz: 733399 => [https://bugzilla.redhat.com/show_bug.cgi?id=733399 733399]
milestone: NEEDS_TRIAGE => void
Metadata Update from @sgallagh: - Issue set to the milestone: void
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2025
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.