Bug 1214337

Summary: Overrides with --login work in second attempt
Product: Red Hat Enterprise Linux 7 Reporter: Sumit Bose <sbose>
Component: sssdAssignee: Sumit Bose <sbose>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.1CC: grajaiya, jgalipea, jhrozek, kbanerje, lslebodn, mkosek, mzidek, nsoman, pbrezina, preichl, sbose, sgoveas, sssd-maint, sumenon
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.13.0-0.1.alpha.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1213822 Environment:
Last Closed: 2015-11-19 11:38:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1213822, 1214717    
Bug Blocks:    

Comment 2 Jakub Hrozek 2015-04-22 13:34:30 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2630
Comment 3 Jakub Hrozek 2015-04-27 13:52:12 UTC 
Fixed upstream:
    master: 2ab9a4538eb2e1a255e645f7efdcfd6bb722d265
    sssd-1-12: 3453e4734d2f7738034af61edb7d33c0c7095d8a
Comment 4 Sumit Bose 2015-04-29 09:46:48 UTC 
A segfault caused by the patch was found. resetting the status to ASSIGNED.
Comment 5 Jakub Hrozek 2015-04-30 15:59:08 UTC 
Additional patch landed upstream
    master: c520f40d1a2d77cf1d413451b5682297733521ed
    sssd-1-12: e31d5babfd036cf64c9179dc60bbd79f541ef89b
Comment 6 Jakub Hrozek 2015-04-30 16:03:26 UTC 
*** Bug 1214717 has been marked as a duplicate of this bug. ***
Comment 11 Sudhir Menon 2015-09-29 11:10:12 UTC 
Verified on RHEL7.2 and Windows 2012 R2.

sssd-ldap-1.13.0-35.el7.x86_64

1. After adding the group in AD and setting POSIX attribute GID to the group in AD which matches to the GID in server getent passwd output, 
the getent passwd $overrideusername gave the output in first attempt.

[root@ipa02 ~]# ipa idoverrideuser-add 'default trust view' test100  --login syncuser07
----------------------------------------
Added User ID override "test100"
----------------------------------------
  Anchor to override: test100
  User login: syncuser07

[root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@ipaclient02 ~]# getent passwd syncuser07 ; echo $?
syncuser07:*:10099:10000:test100:/home/test.in/test100:/bin/sh
0

[root@ipaclient02 ~]# getent passwd syncuser07 ; echo $?
syncuser07:*:10099:10000:test100:/home/test.in/test100:/bin/sh
0

2. When the below steps are performed, the output for getent passwd is displayed for the first time.

[root@ipa02 sssd]# ipa idview-show hostview --show-hosts
  ID View Name: hostview
  User object overrides: test99
  Group object overrides: grp1
  Hosts the view applies to: ipaclient02.labs02.test

[root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@ipaclient02 ~]# getent passwd syncuser07 ; echo $?
syncuser07:*:10099:10000:test100:/home/test.in/test100:/bin/sh
0
Comment 12 errata-xmlrpc 2015-11-19 11:38:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html