Bug 1295883
Summary: | refresh_expired_interval stops sss_cache from working | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | ryaner |
Component: | sssd | Assignee: | Michal Zidek <mzidek> |
Status: | CLOSED ERRATA | QA Contact: | Steeve Goveas <sgoveas> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.7 | CC: | apeetham, grajaiya, jgalipea, jhrozek, lslebodn, mkosek, mzidek, pbrezina, preichl, sgoveas |
Target Milestone: | rc | Keywords: | Regression |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.13.3-12.el6 | Doc Type: | Bug Fix |
Last Closed: | 2016-05-10 20:26:04 UTC | Type: | Bug |
Description
ryaner
2016-01-05 17:14:22 UTC
We disable cache refresh for netgroups in commit f933190722886ff23eab8148b473915908bc8c23 if background refresh is enabled. The patch should disable only a midpoint refresh, but it seems that even refresh of expired records is disabled this way.

Upstream ticket: https://fedorahosted.org/sssd/ticket/2912

Michal, Pavel, can either of you provide steps to reproduce this bug?

Steps to reproduce:

1. Set up SSSD against LDAP or FreeIPA server with the following option in the domain section in sssd.conf:

   ```
   refresh_expired_interval = 1234
   ```

2. Create a test netgroup with some users on the server

3. Query the created test netgroup

   ```
   # getent netgroup testgroup
   testgroup ( ,user1,) ( ,user2,) ( ,user3,)
   ```

4. Modify the test netgroup to remove one user

5. Call sss_cache to expire the group

   ```
   # sss_cache -n testgroup
   ```

6. Query server for test netgroup again. Removed user should no longer be shown in the getent output.

   ```
   # getent netgroup testgroup
   testgroup ( ,user1,) ( ,user2,) ( ,user3,)
   ```

master:
* 1b8858b1611db5048592f477059ca5ad66d7ceb1

sssd-1-13:
* 66c6bf86da1241c3253d23aa7e68850d6ec14d15

Verified the bug on SSSD Version: sssd-1.13.3-21.el6.x86_64

Steps followed during verification were taken from Comment #5.

1. Create a netgroup in ldap server.
2. Configure sssd with "refresh_expired_interval = 1234" and query the netgroup.
3. Then, delete a netgroup user, clean the cache and query again to verify the presence of deleted user.

With the latest build, the bug looks resolved. See the commands below:

```
# service sssd status
sssd (pid 25553) is running...

# getent netgroup test-net
test-net ( ,user1,) ( ,user2,) ( ,user3,)

# ldapmodify -xv -h hubcap.lab.eng.pnq.redhat.com -D "cn=Directory Manager" -w Secret123 -f netgroup-member-del.ldif
ldap_initialize( ldap://hubcap.lab.eng.pnq.redhat.com )
delete nisNetgroupTriple:
	(,user3,)
modifying entry "cn=test-net,ou=Netgroup,dc=example,dc=com "
modify complete

[root@qe-blade-03 sssd]# sss_cache -n test-net
[root@qe-blade-03 sssd]# getent netgroup test-net
test-net ( ,user1,) ( ,user2,)
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0782.html
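A scripted form of steps 5 and 6 of the reproducer above, added here as an example; it is not from the bug report or from the SSSD project. The function names are hypothetical, and the parsing assumes the `getent netgroup` triple layout shown in the comments and the default /etc/sssd/sssd.conf location.

```shell
#!/bin/sh
# Added example: regression check for the behaviour in this report.
# Function names are hypothetical; they are not part of SSSD.

# Print each sssd.conf section that sets refresh_expired_interval above 0
# (0, the default, leaves background refresh off).
domains_with_refresh() {
    awk '
        /^[ \t]*\[/ { gsub(/^[ \t]*\[|\][ \t]*$/, ""); section = $0; next }
        /^[ \t]*refresh_expired_interval[ \t]*=/ {
            split($0, kv, "="); gsub(/[ \t]/, "", kv[2])
            if (kv[2] + 0 > 0) print section
        }' "$1"
}

# Print the user field of every (host,user,domain) triple found in one
# line of `getent netgroup` output.
netgroup_users() {
    printf '%s\n' "$1" | tr '()' '\n\n' |
        awk -F, 'NF == 3 { gsub(/[ \t]/, "", $2); if ($2 != "") print $2 }'
}

# Succeed if USER appears as a member in the given getent output.
still_listed() {  # usage: still_listed "GETENT_OUTPUT" USER
    netgroup_users "$1" | grep -qxF -- "$2"
}

# Steps 5 and 6 of the reproducer: expire the netgroup, query it again,
# and return 1 if the user removed on the server is still returned.
check_removed_after_expire() {  # usage: ... NETGROUP REMOVED_USER
    sss_cache -n "$1" || return 2
    out=$(getent netgroup "$1") || return 2
    if still_listed "$out" "$2"; then
        echo "STALE: $2 still in $1 after sss_cache -n" >&2
        return 1
    fi
    echo "OK: $2 no longer in $1"
}

# Run as: sh check.sh test-net user3   (after deleting user3 on the server)
if [ "$#" -eq 2 ]; then
    domains_with_refresh /etc/sssd/sssd.conf
    check_removed_after_expire "$1" "$2"
fi
```

Exit status 1 means the stale entry survived `sss_cache -n`; status 2 means `sss_cache` or `getent` itself failed.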