Bug 1992973

Summary: Lookup with fully-qualified name does not work with 'cache_first = True'
Product: Red Hat Enterprise Linux 9 Reporter: Sumit Bose <sbose>
Component: sssdAssignee: Sumit Bose <sbose>
Status: CLOSED ERRATA QA Contact: Dhairya Parmar <dparmar>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: atikhono, dlavu, dparmar, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, sgoveas, tscherf
Target Milestone: betaKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: sync-to-jira
Fixed In Version: sssd-2.6.1-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-17 16:00:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2011224    
Bug Blocks:    

Description Sumit Bose 2021-08-12 07:21:51 UTC 
Description of problem:
If the 'cache_first = True' option is used with the nss responder a lookup with the fully-qualified name of a user or group will fail if the requested object is not already in the cache.

Version-Release number of selected component (if applicable):
It looks like the issue is present at least since RHEL-8.3


Steps to Reproduce:
1. Minimal sssd.conf:
[sssd]
domains = proxy
services = nss
[domain/proxy]
id_provider = proxy
proxy_lib_name = files
auth_provider = none
[nss]
cache_first = True

2. restart SSSD with empty cache
3. call 'getent passwd adm@proxy'

Actual results:
This will return no result

Expected results:
Similar as if 'cache_first = True' is not used in sssd.conf the corresponding entry from /etc/passwd for the user 'adm' should be returned.

Additional info:
Comment 1 Sumit Bose 2021-08-12 07:26:12 UTC 
Upstream ticket:
https://github.com/SSSD/sssd/issues/5744
Comment 4 Alexey Tikhonov 2021-08-16 14:46:30 UTC 
Pushed PR: https://github.com/SSSD/sssd/pull/5745

* `master`
    * 26654d3e5f5882dd1681116cb49228d108351d48 - cache_req: cache_first fix for fully-qualified names
Comment 7 Dhairya Parmar 2021-12-07 11:50:55 UTC 
gating test "src/tests/multihost/alltests/test_misc.py::TestMisc::test_0007_getent_admproxy PASSED [ 40%]" passed with sssd-2.6.1-1.el9
https://ci-jenkins-csb-idmops.apps.ocp-c1.prod.psi.redhat.com/view/GroupTesting/job/rhel-9.0.0-build-sidetag-92833-stack-gate-1638870151306/job/sssd-2.6.1-1.el9/job/pytest-alltests-tier1-2/1/execution/node/71/log/
Comment 14 errata-xmlrpc 2022-05-17 16:00:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: sssd), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:4015