Bug 820585

Summary: Group enumeration fails in proxy provider
Product: Red Hat Enterprise Linux 6 Reporter: Kaushik Banerjee <kbanerje>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED ERRATA QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: high    
Version: 6.3CC: grajaiya, jgalipea, jhrozek, prc
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.8.0-26.el6 Doc Type: Bug Fix
Doc Text:
No documentation required
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 11:56:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Kaushik Banerjee 2012-05-10 12:25:43 UTC
Description of problem:
Group enumeration fails in proxy provider

Version-Release number of selected component (if applicable):
1.8.0-25

How reproducible:
Always

Steps to Reproduce:
1. Configure nss_ldap and verify if enumeration works via nss_ldap:
 
# getent -s ldap group
Group1:*:1001:puser1
Group2:*:1002:
Group3:*:999:
Group4:*:1011:
Duplicate:*:1010:
 
# getent -s ldap passwd
puser1:*:1001:1001:Posix User1:/home/puser1:/bin/bash
puser2:*:1002:1002:Posix User2:/home/puser2:/bin/bash
puser3:*:999:999:Posix User1:/home/puser3:/bin/bash
puser4:*:1011:1011:Posix User4:/home/puser4:
 

2. Configure sssd via proxy:
 
[domain/PROXY]
id_provider = proxy
auth_provider = proxy
debug_level = 0xFFF0
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
enumerate = true

 
3. Check if enumeration works via sssd:
 
# getent -s sss passwd
puser1:*:1001:1001:Posix User1:/home/puser1:/bin/bash
puser2:*:1002:1002:Posix User2:/home/puser2:/bin/bash
puser3:*:999:999:Posix User1:/home/puser3:/bin/bash
puser4:*:1011:1011:Posix User4:/home/puser4:
 
# getent -s sss group
                      <== Nothing is returned

  
Actual results:
Group enumeration fails.

Expected results:
Group enumeration should succeed.

Additional info:

Comment 1 Jakub Hrozek 2012-05-10 12:27:40 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1329

Comment 3 Stephen Gallagher 2012-05-10 18:10:07 UTC
Patch is available upstream.

Comment 6 Kaushik Banerjee 2012-05-15 10:18:36 UTC
Verified with sssd-1.8.0-27


Beaker automation run output:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: SSSD proxy-ldap test 003 >>> Get Valid LDAP Groups
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Group1:*:1001:
:: [   PASS   ] :: Running 'getent group | grep Group1'
Group2:*:1002:
:: [   PASS   ] :: Running 'getent group | grep Group2'
'98290c4f-2393-49b5-b9cb-bf57bc56fa06'
SSSD-proxy-ldap-test-003-Get-Valid-LDAP-Groups result: PASS
   metric: 0
   Log: /tmp/beakerlib-5759695/journal.txt
    Info: Searching AVC errors produced since 1337029154.3 (Mon May 14 16:59:14 2012)
     Searching logs...
     Info: No AVC messages found.

Comment 7 Stephen Gallagher 2012-06-12 12:51:35 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation required

Comment 9 errata-xmlrpc 2012-06-20 11:56:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0747.html