Bug 1724088
| Summary: | negative cache does not use values from 'filter_users' config option for known domains | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | anuja <amore> | |
| Component: | sssd | Assignee: | Sumit Bose <sbose> | |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 7.7 | CC: | grajaiya, jhrozek, ksiddiqu, lslebodn, mzidek, ndehadra, pbrezina, peter.vreman, sbose, sgoveas, tscherf | |
| Target Milestone: | rc | Keywords: | ZStream | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | sync-to-jira | |||
| Fixed In Version: | sssd-1.16.4-23.el7 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1726945 1758566 (view as bug list) | Environment: | ||
| Last Closed: | 2020-03-31 19:44:37 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1726945, 1758566 | |||
|
Description
anuja
2019-06-26 08:41:33 UTC
Needed patches are: * master: e7e212b * sssd-1-16: * 934341e * 05b37ac Upstream ticket: https://pagure.io/SSSD/sssd/issue/3978 Bugzilla not allowing solution link, so doing as comment: https://bugzilla.redhat.com/show_bug.cgi?id=1724088 Performed Steps As per : https://bugzilla.redhat.com/show_bug.cgi?id=1685472#c9 [root@ipaqavmb ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.8 Beta (Maipo) [root@ipaqavmb ~]# rpm -qa sssd sssd-1.16.4-32.el7.x86_64 [root@ipaqavmb ~]# ipa config-show | grep resolution Domain resolution order: ipaad2k16cin.test:gss78.test [root@ipaqavmb ~]# grep -B 3 "filter_users" /etc/sssd/sssd.conf [nss] memcache_timeout = 600 homedir_substring = /home filter_users = aduser1 [root@ipaqavmb ~]# ipactl stop Stopping ipa-dnskeysyncd Service Stopping ipa-otpd Service Stopping winbind Service Stopping smb Service Stopping pki-tomcatd Service Stopping ntpd Service Stopping ipa-custodia Service Stopping httpd Service Stopping named Service Stopping kadmin Service Stopping krb5kdc Service Stopping Directory Service ipa: INFO: The ipactl command was successful [root@ipaqavmb ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service [root@ipaqavmb ~]# ipactl start Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Starting httpd Service Starting ipa-custodia Service Starting ntpd Service Starting pki-tomcatd Service Starting smb Service Starting winbind Service Starting ipa-otpd Service Starting ipa-dnskeysyncd Service ipa: INFO: The ipactl command was successful [root@ipaqavmb ~]# sssctl domain-list | grep ipaad2k16cin.test ipaad2k16cin.test ipasubad2k16cin.ipaad2k16cin.test [root@ipaqavmb ~]# id aduser1 ; date id: aduser1: no such user Wed Oct 9 05:20:39 EDT 2019 [root@ipaqavmb ~]# grep -F "Looking up [aduser1] in data provider" /var/log/sssd/sssd_nss.log [root@ipaqavmb ~]# echo $? 1 In latest version there is no call log for known doamins like "Looking up [aduser] in data provider" messages in sssd_nss.log Based on This moving bz to verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1053 |