Bug 882923
| Summary: | Negative cache timeout is not working for proxy provider | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Kaushik Banerjee <kbanerje> |
| Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
| Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.4 | CC: | grajaiya, jgalipea, okos, pbrezina |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.9.2-47.el6 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: When the proxy provider did not succeed in finding the requested user, the result of the search wasn't stored in the negative cache.
Consequence: A subsequent request for the same user was not answered by the negative cache, but was rather looked up again from the remote server. This bug had performance impact.
Fix: The internal error codes were fixed, allowing the SSSD to store search results that yielded no entries into the negative cache.
Result: Subsequent lookups for non-existent entries are answered from the negative cache and by effect are very fast.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-02-21 09:41:50 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 888457 | ||
|
Description
Kaushik Banerjee
2012-12-03 10:59:05 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/1685 Re-opening. The fix seems to work for users, but not for groups. Tested with sssd-1.9.2-41.el6 User is not returned: 1. Lookup non-existant user: # getent passwd puser1; sleep 10 2. Add the user to ldap. 3. Lookup the user: # getent passwd puser1 # However, group is returned within 10 seconds 1. Lookup the non-existant group # getent group Group1; sleep 10 2. Add the group to ldap 3. Lookup the group # getent group Group1 Group1:*:2001:puser1 # Verified in version 1.9.2-59 Report from beaker automation run: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: proxy-ldap_017 New LDAP User Added - Negative Cache Test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Expected: Failed to lookup nuser@PROXY :: [ PASS ] :: Expected: Failed to lookup nuser@PROXY :: [ LOG ] :: Waiting for negative cache to expire - default 15 seconds :: [ PASS ] :: New user found after cache expired. :: [ LOG ] :: Duration: 17s :: [ LOG ] :: Assertions: 3 good, 0 bad :: [ PASS ] :: RESULT: proxy-ldap_017 New LDAP User Added - Negative Cache Test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: SSSD proxy-ldap test 018 >>> New LDAP Group Added - Cache Test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Expected: Failed to lookup a non-existant group :: [ PASS ] :: New group not found yet. :: [ LOG ] :: Sleeping for 15 secs... Waiting for negative cache to expire :: [ PASS ] :: New group found after cache expired. :: [ LOG ] :: Duration: 17s :: [ LOG ] :: Assertions: 3 good, 0 bad :: [ PASS ] :: RESULT: SSSD proxy-ldap test 018 >>> New LDAP Group Added - Cache Test Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0508.html |