Bug 1215925

Summary:	SSSD [sysdb_store_user] (0x0040): Could not add user after update to 1.12.2-58 from 1.11.2-65
Product:	Red Hat Enterprise Linux 7	Reporter:	ilya <iatemnikov>
Component:	sssd	Assignee:	SSSD Maintainers <sssd-maint>
Status:	CLOSED DUPLICATE	QA Contact:	Kaushik Banerjee <kbanerje>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	7.1	CC:	grajaiya, jgalipea, jhrozek, lslebodn, mkosek, mzidek, pbrezina, preichl
Target Milestone:	rc
Target Release:	---
Hardware:	x86_64
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2015-04-29 11:06:58 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description ilya 2015-04-28 07:16:08 UTC

Description of problem:

After update sssd I can't enumerate groups for some users
id "username" return not all ad groups

Version-Release number of selected component (if applicable):
1.12.2-58

How reproducible:


Steps to Reproduce:
1. install sssd 1.11.2-65, realmd join domain
2. id username return correct group list
3. update sssd 1.12.2-56
4. clear sssd cache
5. id username return uid, gid and one domain group

Actual results:
id evkogan
uid=19174(evkogan) gid=1513(domain users) groups=1513(domain users)

Expected results:
id evkogan
uid=19174(evkogan) gid=1513(domain users) groups=1513(domain users),24108772(fsorit1_rni_отдел поддержки центров обработки данных),23688216(fsorit1_tbi_отдел поддержки центров обработки данных),23761739(msk_prt__streams_it_projects_training_trainings_request_c), .....


Additional info:

sssd.conf

[sssd]
domains = corp.tnk-bp.ru
config_file_version = 2
services = nss, pam

[domain/corp.tnk-bp.ru]
debug_level = 3
ad_domain = corp.domain.ru
krb5_realm = CORP.DOMAIN.RU
realmd_tags = manages-system joined-with-samba.
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
ldap_idmap_default_domain_sid = S-1-5-21-***-***-***
ldap_idmap_range_min = 1000
ldap_idmap_range_max = 2100000000
ldap_idmap_range_size = 100000000
ignore_group_members = True
override_homedir = /home/%f
fallback_homedir = /home/%d/%u
access_provider = simple
simple_allow_groups = corp\orn-unixlogin

sssd_corp.domain.ru.log

[sssd[be[corp.tnk-bp.ru]]] [sysdb_set_entry_attr] (0x0080): ldb_modify failed: [Invalid attribute syntax]
[sssd[be[corp.tnk-bp.ru]]] [sysdb_set_entry_attr] (0x0040): Error: 22 (Invalid argument)
[sssd[be[corp.tnk-bp.ru]]] [sysdb_store_user] (0x0040): Could not add user
[sssd[be[corp.tnk-bp.ru]]] [sdap_save_user] (0x0020): Failed to save user [evkogan]
[sssd[be[corp.tnk-bp.ru]]] [sdap_save_users] (0x0040): Failed to store user 0. Ignoring.
[sssd[be[corp.tnk-bp.ru]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
[sssd[be[corp.tnk-bp.ru]]] [sysdb_set_entry_attr] (0x0080): ldb_modify failed: [Invalid attribute syntax]
[sssd[be[corp.tnk-bp.ru]]] [sysdb_set_entry_attr] (0x0040): Error: 22 (Invalid argument)
[sssd[be[corp.tnk-bp.ru]]] [sdap_save_user] (0x0020): Failed to save user [evkogan]
[sssd[be[corp.tnk-bp.ru]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request

Comment 3 Lukas Slebodnik 2015-04-28 07:35:09 UTC

It is either https://fedorahosted.org/sssd/ticket/2614
or https://fedorahosted.org/sssd/ticket/2588

It is already fixed in upstream and you can test with packages from testing repository
https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12-latest/

Comment 4 ilya 2015-04-29 10:42:47 UTC

it work, thanks.

Comment 5 Jakub Hrozek 2015-04-29 11:06:58 UTC

https://bugzilla.redhat.com/show_bug.cgi?id=1205382 is more probably the root cause, I'll close as duplicate of that one.

We're prepairing a 7.1 update for this issue in the near future..

*** This bug has been marked as a duplicate of bug 1205382 ***