Bug 1475985
| Summary: | Group renaming issue when "id_provider = ldap" is set. | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | fnie |
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
| Status: | CLOSED DUPLICATE | QA Contact: | sssd-qe <sssd-qe> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.8 | CC: | grajaiya, jhrozek, lslebodn, mkosek, mzidek, pbrezina, tscherf |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-11-13 21:27:59 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
fnie
2017-07-27 17:21:26 UTC
sssd version: 1.13.3-56.el6

Well, if removing the cache works, then I guess it's https://pagure.io/SSSD/sssd/issue/3282

btw there are candidate patches for #3282, if you're interested in testing them to see if they fix your issue, then I can build you a test package. But since this bug seems to have a workaround, it's not likely we would fix the bug in RHEL-6 (for sure not without a support case)

Hi Hrozek,

are you saying the patch is not for centos6?

so we have to upgrade to 7? or is there any workaround we can skip it.

(In reply to fnie from comment #5)
> Hi Hrozek,
>
> are you saying the patch is not for centos6?
>
> so we have to upgrade to 7? or is there any workaround we can skip it.

There are two possible explanations of two different groups with the same GID in sssd cache.

A) there are two groups in LDAP with the same GID => such configuration is not supported by SSSD due to security reasons.

B) groupA was renamed to groupB in LDAP => in this case removing sssd cache is sufficient workaround. (sss_cache will not help) and issue is tracked in upstream ticket https://pagure.io/SSSD/sssd/issue/3282

it's the B,

there is an old group a, then we drop it, create new group b, but it's using the same gid, our program on check if the gid is used or not, if it's ok, then it will use.

so it's same situation as rename.

(In reply to fnie from comment #7)
> it's the B,
>
> there is an old group a, then we drop it, create new group b, but it's using
> the same gid, our program on check if the gid is used or not, if it's ok,
> then it will use.
>
> so it's same situation as rename.

In that case patch for ticket https://pagure.io/SSSD/sssd/issue/3282 would help but rhel6 is in late phase of lifecycle. So it's not very likely we would fix the bug in RHEL-6 (for sure not without a support case which requires RHEL subscription). But from upstream POV it would not be a problem to fix it.

I hope it is clear now. But if you do not rename groups very often then clearing sssd cache + restarting sssd might be reasonable/feasible workaround.

Upstream ticket: https://pagure.io/SSSD/sssd/issue/3282

*** This bug has been marked as a duplicate of bug 1401241 ***
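
Explanation A in the thread (two LDAP groups sharing one GID) can be ruled in or out from an LDIF export of the group subtree, such as `ldapsearch` output. The following check is an added example, not code from this bug report or from SSSD; the function names, the sample entries and the `dc=example,dc=com` suffix are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample export (not from the bug report): two posixGroup
# entries share gidNumber 5001, as in explanation A above.
SAMPLE_LDIF = """\
dn: cn=groupa,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: groupa
gidNumber: 5001

dn: cn=groupb,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn:: Z3JvdXBi
gidNumber: 5001

dn: cn=ops,ou=groups,dc=exam
 ple,dc=com
objectClass: posixGroup
cn: ops
gidNumber: 5002
"""

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry; handles folding and base64."""
    unfolded = text.replace("\n ", "")  # LDIF folds long lines as newline + space
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry[attr.lower()].append(value)
        if entry:
            yield entry

def duplicate_gids(text):
    """Map every gidNumber used by more than one posixGroup to the group names."""
    by_gid = defaultdict(list)
    for entry in parse_ldif(text):
        if "posixgroup" not in (v.lower() for v in entry["objectclass"]):
            continue
        for gid in entry["gidnumber"]:
            by_gid[int(gid)].append((entry["cn"] + entry["dn"] + ["?"])[0])
    return {gid: sorted(n) for gid, n in by_gid.items() if len(n) > 1}
```

An empty result from `duplicate_gids()` on the real export points to explanation B (a stale cached entry from the dropped or renamed group) rather than a GID collision in the directory.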