Bug 2000261
Summary: | extdom: LDAP_INVALID_SYNTAX returned instead of LDAP_NO_SUCH_OBJECT | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Rob Crittenden <rcritten> | |
Component: | ipa | Assignee: | Florence Blanc-Renaud <frenaud> | |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 7.9 | CC: | amore, jreznik, ksiddiqu, rcritten, sbose, tapazogl, tscherf | |
Target Milestone: | rc | Keywords: | Triaged, ZStream | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | ipa-4.6.8-5.el7_9.9 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 2000263 2000269 (view as bug list) | Environment: | ||
Last Closed: | 2021-10-12 15:28:48 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 2000263, 2000269 |
Description
Rob Crittenden
2021-09-01 17:23:47 UTC
Fixed upstream master: https://pagure.io/freeipa/c/d743219a9ae8a0ec9978dcbdd81eb89b7fd707f4 Fixed upstream ipa-4-6: https://pagure.io/freeipa/c/5604b7ed045cc9b9e51dd2c57319974be84de2cf Fixed upstream ipa-4-8: https://pagure.io/freeipa/c/decccb1a8b857c41ff1c278806ca5692417b0e30 Fixed upstream ipa-4-9: https://pagure.io/freeipa/c/4fca95751ca32a1ed16a6d8a4e557c5799ec5c78 [root@client ~]# rpm -qa ipa-client ipa-client-4.6.8-5.el7_9.7.x86_64 [root@client ~]# ipa config-show | grep resolution Domain resolution order: dom7oo2.test:a20q0.test [root@client ~]# [root@client ~]# systemctl stop sssd; rm -rf /var/lib/sss/{db,mc}/*; systemctl start sssd; sleep 6 [root@client ~]# id aduser1.test uid=441801107(aduser1.test) gid=441801107(aduser1.test) groups=441801107(aduser1.test),441800513(domain users.test) [root@client ~]# date; getent group 441801107 Tue Sep 21 07:30:50 EDT 2021 aduser1.test:*:441801107: [root@client ~]# date ; getent passwd 441801107 Tue Sep 21 07:31:06 EDT 2021 aduser1.test:*:441801107:441801107:aduser1:/home/sub7oo2.dom7oo2.test/aduser1: [root@client ~]# grep -rn "Data Provider Error: 3" /var/log/* /var/log/sssd/sssd_nss.log:3669:(2021-09-21 6:59:13): [nss] [cache_req_common_dp_recv] (0x0040): CR #0: Data Provider Error: 3, 1432158229, Network I/O Error /var/log/sssd/sssd_nss.log:3860:(2021-09-21 7:02:27): [nss] [cache_req_common_dp_recv] (0x0040): CR #3: Data Provider Error: 3, 1432158229, Network I/O Error /var/log/sssd/sssd_nss.log:3967:(2021-09-21 7:02:27): [nss] [cache_req_common_dp_recv] (0x0040): CR #5: Data Provider Error: 3, 1432158229, Network I/O Error /var/log/sssd/sssd_nss.log:4357:(2021-09-21 7:30:33): [nss] [sss_dp_get_account_domain_recv] (0x0040): Data Provider Error: 3, 1432158300 /var/log/sssd/sssd_nss.log:4380:(2021-09-21 7:30:33): [nss] [cache_req_common_dp_recv] (0x0040): CR #1: Data Provider Error: 3, 1432158229, Network I/O Error /var/log/sssd/sssd_nss.log:4498:(2021-09-21 7:30:33): [nss] [cache_req_common_dp_recv] (0x0040): CR #3: Data Provider Error: 3, 1432158229, Network I/O Error [root@client ~]# ++++++++++++++++++++++++++++++++++++++++++++++ [root@client ~]# rpm -qa ipa-client ipa-client-4.6.8-5.el7_9.9.x86_64 [root@client ~]# systemctl stop sssd; rm -rf /var/lib/sss/{db,mc}/*; systemctl start sssd; sleep 6 [root@client ~]# date ; id aduser1.test Tue Sep 21 07:33:11 EDT 2021 uid=441801107(aduser1.test) gid=441801107(aduser1.test) groups=441801107(aduser1.test),441800513(domain users.test) [root@client ~]# date; getent group 441801107 Tue Sep 21 07:33:25 EDT 2021 aduser1.test:*:441801107: [root@client ~]# date ; getent passwd 441801107 Tue Sep 21 07:33:36 EDT 2021 aduser1.test:*:441801107:441801107:aduser1:/home/sub7oo2.dom7oo2.test/aduser1: [root@client ~]# grep -rn "Data Provider Error: 3" /var/log/* /var/log/sssd/sssd_nss.log:1228:(2021-09-21 6:04:03): [nss] [sss_dp_get_account_domain_recv] (0x0040): Data Provider Error: 3, 1432158300 /var/log/sssd/sssd_nss.log:1360:(2021-09-21 6:04:10): [nss] [sss_dp_get_account_domain_recv] (0x0040): Data Provider Error: 3, 1432158300 /var/log/sssd/sssd_nss.log:2144:(2021-09-21 7:33:11): [nss] [sss_dp_get_account_domain_recv] (0x0040): Data Provider Error: 3, 1432158300 [root@client ~]# ipa config-show | grep resolution Domain resolution order: dom7oo2.test:a0j1u.test [root@client ~]# Hi, it looks like using a UID or GID from another domain in the trusted forest can reproduce the issue even more easily. The important step is that a different AD domain is listed before in the domain resolution order. bye, Sumit Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (ipa bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:3800 |