Bug 690866

Summary: Groups with a zero-length memberuid attribute can cause SSSD to stop caching and responding to requests
Product: Red Hat Enterprise Linux 6 Reporter: Stephen Gallagher <sgallagh>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.1CC: benl, dpal, grajaiya, jgalipea, kbanerje, mkhusid, prc
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: sssd-1.5.1-21.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 690867 (view as bug list) Environment:
Last Closed: 2011-05-19 11:39:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 579778, 642407, 690867    

Description Stephen Gallagher 2011-03-25 16:09:39 UTC 
Description of problem:
We are not properly handling the case where a group might have a memberuid attribute with no name (zero-length string). This causes a failure in the code that does not properly clean up after itself, resulting in SSSD holding open a transaction to the ldb, making it unable to cache new lookups properly (as data is only saved when all nested transactions are marked complete).

Version-Release number of selected component (if applicable):
sssd-1.5.1-20.el6


How reproducible:
Every time

Steps to Reproduce:
1. Create an LDAP group in RFC2307 with a memberuid attribute of zero length
2. Purge the cache and restart SSSD
3. run 'getent group <groupname>'
4. run 'getent passwd <valid user>'
  
Actual results:
Neither command returns results

Expected results:
The group request should ignore the empty name and return successfully. The user request should return the user properly.


Additional info:
Comment 3 Gowrishankar Rajaiyan 2011-04-06 10:58:35 UTC 
~]# getent group shanks1
shanks1:*:1921:

~]# getent passwd shanks1
shanks1:*:1921:1921:shanks1:/home/shanks1:/bin/bash


Verified.

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 24.el6                        Build Date: Sat 02 Apr 2011 01:24:54 AM IST
Install Date: Tue 05 Apr 2011 11:11:29 AM IST      Build Host: x86-012.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-24.el6.src.rpm
Size        : 3462740                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Comment 4 errata-xmlrpc 2011-05-19 11:39:52 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0560.html
Comment 5 errata-xmlrpc 2011-05-19 13:10:12 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0560.html