Bug 1373420
Summary: | sss_override fails to export | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Marc Muehlfeld <mmuehlfe> | ||||
Component: | sssd | Assignee: | Michal Zidek <mzidek> | ||||
Status: | CLOSED ERRATA | QA Contact: | Steeve Goveas <sgoveas> | ||||
Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> | ||||
Priority: | unspecified | ||||||
Version: | 7.3 | CC: | dlavu, grajaiya, jhrozek, lslebodn, mkosek, mzidek, pbrezina, tlavigne | ||||
Target Milestone: | rc | Keywords: | Regression | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | sssd-1.14.0-41.el7 | Doc Type: | Bug Fix | ||||
Doc Text: |
Show, find, and export operations in the "sss_override" utility now work correctly
Red Hat Enterprise Linux 7.3 introduced local overrides to the System Security Services Daemon (SSSD). Due to a regression, "sss_override" commands failed if an override was created without the "-n" option. The bug has been fixed and now "sss_override" works correctly.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2016-11-04 07:21:15 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
It seems to be related to timestamp cache or fully qualified name changes. Upstream ticket: https://fedorahosted.org/sssd/ticket/3179 The override fails to export if the name attribute is not overriden. For example if someone only overrides shell for the user or GID for the group. I do not think this is a regression. Works in 1.13, this is a regression. Upstream ticket: https://fedorahosted.org/sssd/ticket/3179 (In reply to Jakub Hrozek from comment #11) > Upstream ticket: > https://fedorahosted.org/sssd/ticket/3179 For some reason, the previous clone didn't update the devel Whiteboard, so our internal tool didn't see the BZ as cloned.. master: * 1c72723cde8bea0d390b928c7cd29e48e7a7deab * 07e7683f5a86991feaa764e2055116554ada1b93 Verified against sssd-client-1.14.0-42.el7.x86_64 [root@dell-per230-02 db]# id Administrator uid=498200500(administrator) gid=498200513(domain users) groups=498200513(domain users),498200519(enterprise admins),498200512(domain admins),498200520(group policy creator owners),498200518(schema admins),498246372(parent_group-474),498200572(denied rodc password replication group) [root@dell-per230-02 db]# sss_override user-add -n admin Administrator SSSD needs to be restarted for the changes to take effect. [root@dell-per230-02 db]# service sssd restart Redirecting to /bin/systemctl restart sssd.service [root@dell-per230-02 db]# id admin uid=498200500(admin) gid=498200513(domain users) groups=498200513(domain users),498200520(group policy creator owners),498200519(enterprise admins),498200512(domain admins),498200518(schema admins),498200572(denied rodc password replication group),498246372(parent_group-474) [root@dell-per230-02 db]# sss_override user-export export.txt [root@dell-per230-02 db]# cat export.txt Administrator:admin:::::: Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2476.html |
Created attachment 1198131 [details] debug log Description of problem: sss_override user-export fails Version-Release number of selected component (if applicable): sssd-tools-1.14.0-30.el7.x86_64 How reproducible: Always. Steps to Reproduce: 1. Set up an LDAP provider 2. Create an user override: 3. Restart sssd 4. Try to export the user overrides Actual results: # sss_override user-export /var/lib/sss/backup/sssd_user_overrides.bak # echo $? 1 # ls -la /var/lib/sss/backup/sssd_user_overrides.bak -rw-r--r--. 1 root root 0 6. Sep 09:04 /var/lib/sss/backup/sssd_user_overrides.bak Expected results: sss_override should not fail to export. Additional information: It would be great, if sss_override user-export tells the user when it fails. I only discovered this bug, because I wanted to remove the SSSD cache. Otherwise I had not seen that it generates just an empty file and fails. The "sssctrl cache-remove" command validates the result of the backup: # sssctl cache-remove SSSD must not be running. Stop SSSD now? (yes/no) [yes] Creating backup of local data... SSSD backup of local data already exist, override? (yes/no) [no] yes Error while executing external command Unable to export group overrides Unable to create backup of local data, can not remove the cache.