RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Description of problem:
Group membership of multiple named user is not seen after user lookup.

Version-Release number of selected component (if applicable):
sssd-1.11.2-18.el7

How reproducible:
Always

Steps to Reproduce:
1. LDIF used to add user and group:
dn: uid=User_CS1,ou=Users,dc=example,dc=com
objectClass: posixAccount
objectClass: account
cn: User_CS1
homeDirectory: /home/User_CS1
userPassword:: U2VjcmV0MTIz
uid: User_CS1_Alias
uid: User_CS1
uidNumber: 304560
gidNumber: 304560

dn: cn=User_CS1_grp1,ou=Groups,dc=example,dc=com
objectClass: posixGroup
memberUid: User_CS1
cn: User_CS1_grp1_Alias
cn: User_CS1_grp1
gidNumber: 304560 

2. On executing initgroups and then group lookup, the member is not returned:
# getent passwd User_CS1
User_CS1_Alias:*:304560:304560:User_CS1:/home/User_CS1:
# getent group User_CS1_grp1
User_CS1_grp1:*:304560: 

3. But if I clear cache and lookup the group, the member is returned appropriately:
# getent group User_CS1_grp1
User_CS1_grp1:*:304560:User_CS1

Actual results:
Group lookup does not return member with multiple names.

Expected results:
Group lookup should display member.

Additional info:

I can reproduce locally

Upstream ticket:
https://fedorahosted.org/sssd/ticket/2191

Fixed upstream:
    master: 850f7b6ce4a0f3faa168d6ded2467585065436e6
    sssd-1-11: 1ff814c4d42b1369fd21ec022b56e913ea5cbf62

Verified in version 1.11.2-24.el7

Snippet from beaker automation run:

:: [   PASS   ] :: Running 'getent passwd User_CS1 | awk -F: '{print $1}' | grep User_CS1' (Expected 0, got 0)
:: [   PASS   ] :: Running 'getent passwd user_cs1' (Expected 2, got 2)
User_CS1_Alias
:: [   PASS   ] :: Running 'getent passwd User_CS1_Alias | awk -F: '{print $1}' | grep User_CS1' (Expected 0, got 0)
:: [   PASS   ] :: Running 'getent passwd user_cs1_alias' (Expected 2, got 2)
User_CS1_grp1_Alias
:: [   PASS   ] :: Running 'getent group User_CS1_grp1 | awk -F: '{print $1}' | grep User_CS1_grp1' (Expected 0, got 0)
User_CS1
:: [   PASS   ] :: Running 'getent group User_CS1_grp1 | awk -F: '{print $4}' | grep User_CS1' (Expected 0, got 0)

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.