Bug 646781

Summary: id only returns primary group membership
Product: [Fedora] Fedora Reporter: Marcus Moeller <marcus.moeller>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: jhrozek, sbose, sgallagh, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: sssd-1.5.0-1.fc14 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-01-10 16:30:09 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
sssd log while running id
sssd log without min_uid set
sssd.conf none

Description Marcus Moeller 2010-10-26 04:05:36 EDT
Description of problem:

With latest sssd (1.4) an 'id $USERNAME' only returns the primary group whilst groups are returned correctly with getent group (enumerate on).
Comment 1 Jakub Hrozek 2010-10-26 05:29:20 EDT
What is the schema you are using? RFC2307 or RFC2307bis?

Would you mind pasting your sanitized config file along with logfiles?
Comment 2 Marcus Moeller 2010-10-26 09:13:02 EDT
Created attachment 455764 [details]
sssd log while running id
Comment 3 Marcus Moeller 2010-10-26 09:13:34 EDT
We are using RFC2307bis
Comment 4 Stephen Gallagher 2010-10-26 09:18:23 EDT
Your users and groups are being filtered out. Please try removing the 'min_id' and 'max_id' options from sssd.conf and then retry your tests.

Also, please include your config file.
Comment 5 Marcus Moeller 2010-10-26 10:06:23 EDT
Created attachment 455775 [details]
sssd log without min_uid set
Comment 6 Marcus Moeller 2010-10-26 10:06:54 EDT
Created attachment 455776 [details]
Comment 7 Marcus Moeller 2010-10-26 10:07:18 EDT
removing min_uid leads to exactly the same result
Comment 8 Marcus Moeller 2010-10-26 10:08:38 EDT
Tests without min_id result in exactly the same
Comment 9 Stephen Gallagher 2010-10-26 10:18:06 EDT
Ah, reading through that log, I see that the problem is that with entries that contain parentheses in the distinguished name. We're not properly escaping the search filter, so it's failing because it's not parseable.

We are already tracking this issue upstream: https://fedorahosted.org/sssd/ticket/639
Comment 10 Fedora Update System 2010-12-23 13:45:17 EST
sssd-1.5.0-1.fc14 has been submitted as an update for Fedora 14.
Comment 11 Fedora Update System 2010-12-24 19:22:25 EST
sssd-1.5.0-1.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update sssd'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/sssd-1.5.0-1.fc14
Comment 12 Fedora Update System 2011-01-10 16:29:49 EST
sssd-1.5.0-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.