Bug 784420
Summary: | Offline(network disconnect) authentication using proxy provider crashes sssd. | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Amith <apeetham> | ||||
Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> | ||||
Status: | CLOSED DEFERRED | QA Contact: | Kaushik Banerjee <kbanerje> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 7.0 | CC: | grajaiya, jgalipea, jhrozek, jplans, kbanerje, lslebodn, mkosek, nkarandi, pbrezina, prc, rmainz, syeghiay | ||||
Target Milestone: | rc | Keywords: | Reopened | ||||
Target Release: | 7.1 | ||||||
Hardware: | i386 | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-04-24 11:22:11 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Amith
2012-01-24 20:46:42 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/1153 Neither development nor the original reporter have been able to reproduce the issue recently. Closing as WORKSFORME. Please reopen this bug if the issue resurfaces. Created attachment 783797 [details]
backtrace from reproducer
This seems to be an nss_ldap bug. The getpwnam input is correct, so it should yield (some) results, not crash. The backtrace appears to show the process exiting after receiving a SIGTERM. Is the monitor sending it a SIGTERM after a timeout expires while nss_ldap is waiting to reconnect? (In reply to Nalin Dahyabhai from comment #9) > The backtrace appears to show the process exiting after receiving a SIGTERM. > Is the monitor sending it a SIGTERM after a timeout expires while nss_ldap > is waiting to reconnect? Yes, but the SIGTERM would come after 30 seconds, shouldn't nss_ldap rather timeout much faster? (In reply to Jakub Hrozek from comment #10) > Yes, but the SIGTERM would come after 30 seconds, shouldn't nss_ldap rather > timeout much faster? Not in the default "hard" mode, in which it does exponential backoff, starting by default with four seconds, and doubling the interval each time it needs to retry, up to the default maximum of 64 seconds. Amith, do you have the contents of /var/log/messages from a machine where you're seeing this? I'd expect to see nss_ldap logging messages about sleeping for some number of seconds before its next attempt at reconnecting, which would confirm that this is what's happening. Nalin is right this is an SSSD problem after all. Upstream ticket: https://fedorahosted.org/sssd/ticket/2144 There is an easy workaround of setting a longer "timeout" or tweaking the nss_ldap configuration. A better fix would be to spawn a subprocess per lookup, but that's an incremental improvement, so I'm moving this bugzilla to 7.1 for now. Thank you taking your time and submitting this request for Red Hat Enterprise Linux. Unfortunately, this bug was not given a priority and was deferred both in the upstream project and in Red Hat Enterprise Linux. Given that we are unable to fulfill this request in following Red Hat Enterprise Linux releases, I am closing the Bugzilla as DEFERRED. To request that Red Hat re-considers the decision, please re-open the Bugzilla via appropriate support channels and provide additional business and/or technical details about its importance to you. Note that you can still track this request or even contribute patches in the referred upstream Trac ticket. |