Bug 1067361
Summary: | Check IPA idranges before saving them to the cache | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jakub Hrozek <jhrozek> |
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Kaushik Banerjee <kbanerje> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 7.0 | CC: | dpal, grajaiya, jgalipea, jhrozek, lslebodn, mkosek, nsoman, pbrezina, preichl, sgoveas |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.11.2-47.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-13 12:51:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jakub Hrozek
2014-02-20 10:32:35 UTC
Please add steps to verify this Define two idranges that conflict (for example the range limits overlap) and then restart sssd. With the old version, the sssd would fail to start until you remove the cache, with the new version, the sssd should start, but in the logs you should see "Collision of ID ranges detected". Fixed upstream: master: 096a9678919fae460342469989b97fd47d812823 f69f3581658351003a6d9245045e41d0efb85022 ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16 sssd-1-11: c9160931bd57b66bb1bf8312c05b9cb6da2497bc 751a77c04f15e059dcca07f8fd72702db90fb83e b71e463bb8dca5aaca8e9677a92b679390c7b966 Verified in version [root@dhcp207-218 ~]# rpm -q sssd sssd-1.11.2-58.el7.x86_64 * Added a conflicting range [root@dhcp207-218 ~]# ipa idrange-add test-range --base-id=123456 --rid-base=0 --range-size=10 --dom-sid=S-1-5-21-1910160501-511572375-3625658879 --------------------------- Added ID range "test-range" --------------------------- Range name: test-range First Posix ID of the range: 123456 Number of IDs in the range: 10 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-1910160501-511572375-3625658879 Range type: Active Directory domain range * Enabled sssd debugging [root@dhcp207-218 ~]# grep -A1 debug /etc/sssd/sssd.conf debug_level = 10 [sssd] * Show conflicting ranges [root@dhcp207-218 ~]# ipa idrange-find --dom-sid S-1-5-21-1910160501-511572375-3625658879 ---------------- 2 ranges matched ---------------- Range name: ADTEST.QE_id_range First Posix ID of the range: 1148400000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-1910160501-511572375-3625658879 Range type: Active Directory domain range Range name: test-range First Posix ID of the range: 123456 Number of IDs in the range: 10 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-1910160501-511572375-3625658879 Range type: Active Directory domain range ---------------------------- Number of entries returned 2 ---------------------------- * No errors on restarting sssd [root@dhcp207-218 ~]# systemctl restart sssd.service [root@dhcp207-218 ~]# echo $? 0 * Collision between the 2 ranges found in logs [root@dhcp207-218 ~]# grep -i collision /var/log/sssd/sssd_testrelm.test.log (Thu Mar 13 15:56:32 2014) [sssd[be[testrelm.test]]] [ipa_ranges_parse_results] (0x0020): Collision of ranges [test-range] and [ADTEST.QE_id_range] detected. (Thu Mar 13 15:56:32 2014) [sssd[be[testrelm.test]]] [ipa_ranges_parse_results] (0x0020): Collision of ranges [test-range] and [ADTEST.QE_id_range] detected. (Thu Mar 13 15:56:32 2014) [sssd[be[testrelm.test]]] [ipa_ranges_parse_results] (0x0020): Collision of ranges [test-range] and [ADTEST.QE_id_range] detected. (Thu Mar 13 15:56:32 2014) [sssd[be[testrelm.test]]] [ipa_ranges_parse_results] (0x0020): Collision of ranges [test-range] and [ADTEST.QE_id_range] detected. (Thu Mar 13 15:56:32 2014) [sssd[be[testrelm.test]]] [ipa_ranges_parse_results] (0x0020): Collision of ranges [test-range] and [ADTEST.QE_id_range] detected. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |