Bug 1251398

Summary: group name not sanitized properly for rfc2307 schema
Product: Red Hat Enterprise Linux 7
Reporter: Nirupama Karandikar <nkarandi>
Component: sssd
Assignee: Pavel Reichl <preichl>
Status: CLOSED NOTABUG
QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified
Priority: unspecified
Version: 7.2
CC: grajaiya, jgalipea, jhrozek, lslebodn, mkosek, mzidek, nkarandi, nsoman, pbrezina, preichl
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2015-08-11 06:59:38 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Nirupama Karandikar 2015-08-07 08:42:06 UTC
Description of problem:
group lookup not working with sssd-1.13.0-11.el7

Version-Release number of selected component (if applicable):
sssd-1.13.0-11.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Add the following group in 389DS.
# group(_u)ser1, Groups, example.com
dn: cn=group(_u)ser1,ou=Groups,dc=example,dc=com
gidNumber: 20000
objectClass: top
objectClass: PosixGroup
memberUid: uid=t(u)ser,ou=Users,dc=example,dc=com
cn: group(_u)ser1

2. Configure sssd with the ldap provider.
[domain/LDAP]
debug_level = 9
ldap_search_base = dc=example,dc=com
id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
ldap_uri = ldap://dhcp207-102.lab.eng.pnq.redhat.com
cache_credentials = True
ldap_tls_cacert = /etc/openldap/certs/cacert.pem

3. Group lookup fails.

# getent group group\(_u\)ser1
#

Actual results:
Group lookup fails.


Expected results:
Group lookup should work.

Additional info:
From the domain logs:
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sysdb_search_by_name] (0x0400): No such entry
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_process_group_members_2307] (0x1000): member #0 (uid=t(u)ser,ou=Users,dc=example,dc=com): not found in sysdb
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sysdb_search_users] (0x2000): Search users with filter: (&(objectclass=user)(nameAlias=uid=t(u)ser,ou=Users,dc=example,dc=com))
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sysdb_search_users] (0x0080): Error: 5 (Input/output error)
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_process_group_members_2307] (0x0020): Error processing missing member #0 (uid=t(u)ser,ou=Users,dc=example,dc=com):
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [ldb] (0x4000): cancel ldb transaction (nesting: 0)
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_id_op_done] (0x4000): advising for connection retry #1
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_id_release_conn_data] (0x4000): releasing unused connection
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_handle_release] (0x2000): Trace: sh[0x7fada72fd040], connected[1], ops[(nil)], ldap[0x7fada72fd8d0], destructor_lock[0], release_memory[0]

Comment 2 Nirupama Karandikar 2015-08-07 09:16:25 UTC
Marking this as Testblocker as a lot of other tests are failing due to this.

Thanks,
Niru

Comment 5 Nirupama Karandikar 2015-08-11 04:50:24 UTC
Hello,

Adding "memberUid:t(u)user" in the schema helped. Group enumeration is working fine now. 

Thanks much,
Niru

Comment 6 Lukas Slebodnik 2015-08-11 06:36:40 UTC
(In reply to Nirupama Karandikar from comment #5)
> Hello,
> 
> Adding "memberUid:t(u)user" in the schema helped. Group enumeration is
> working fine now. 
> 
> Thanks much,
> Niru

So, could you remove the test-blocker flag or close the bug?
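
Added example, not part of the bug thread and not sssd code: the sysdb filter in the description's log carries the raw parentheses of the memberUid value, and comment 5 reports that storing a plain name in memberUid made the lookup work. The Python sketch below escapes a filter assertion value as RFC 4515 requires and flags memberUid values that look like DNs, which the rfc2307 schema does not expect there; the function names and the DN heuristic are assumptions.

```python
import re

# RFC 4515 section 3: these characters must appear as \XX (hex) inside a
# filter assertion value; everything else passes through unchanged.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Heuristic (assumption): attr=value followed by at least one more RDN.
_DN_LIKE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+(,\s*[A-Za-z][A-Za-z0-9-]*=[^,]+)+$")


def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(name):
    """Filter with the shape seen in the sysdb_search_users log line."""
    return "(&(objectclass=user)(nameAlias=%s))" % escape_filter_value(name)


def dn_valued_member_uids(ldif):
    """Return memberUid values that look like DNs instead of login names."""
    flagged = []
    for line in ldif.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or attr.strip().lower() != "memberuid":
            continue
        value = value.strip()
        if value.startswith(":"):  # base64 ("memberUid:: ...") is not decoded here
            continue
        if _DN_LIKE.match(value):
            flagged.append(value)
    return flagged


# Group entry from the report, and the same entry with the value from comment 5.
REPORTED = """dn: cn=group(_u)ser1,ou=Groups,dc=example,dc=com
gidNumber: 20000
objectClass: PosixGroup
memberUid: uid=t(u)ser,ou=Users,dc=example,dc=com
cn: group(_u)ser1
"""
CORRECTED = REPORTED.replace("uid=t(u)ser,ou=Users,dc=example,dc=com", "t(u)user")

if __name__ == "__main__":
    for bad in dn_valued_member_uids(REPORTED):
        print("DN in memberUid:", bad)
        print("escaped filter :", build_user_filter(bad))
    print("after comment 5:", dn_valued_member_uids(CORRECTED))
```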