Bug 1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving
Summary: Proxy Provider: Fails to lookup case sensitive users and groups with case_sen...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Michal Zidek
QA Contact: Kaushik Banerjee
Depends On:
TreeView+ depends on / blocked
Reported: 2014-10-16 10:06 UTC by Kaushik Banerjee
Modified: 2015-03-05 10:34 UTC (History)
7 users (show)

Fixed In Version: sssd-1.12.2-16.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-03-05 10:34:03 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:0441 normal SHIPPED_LIVE sssd bug fix and enhancement update 2015-03-05 15:05:27 UTC

Description Kaushik Banerjee 2014-10-16 10:06:53 UTC
Description of problem:
Fails to lookup users and groups with case_sensitive=preserving in proxy provider

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Add the following ldif to ldap server
dn: uid=User_CS1,ou=Users,dc=example,dc=com
objectClass: posixAccount
objectClass: account
cn: User_CS1
homeDirectory: /home/User_CS1
uid: User_CS1_Alias
uid: User_CS1
uidNumber: 304560
gidNumber: 304560

2. Configure sssd as proxy backend and add case_sensitive=preserving in the domain section:
id_provider = proxy
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
case_sensitive = preserving

3. Lookup an user

Actual results:
Lookup fails to return anything.
# getent -s sss passwd User_CS1

Domain log shows:
(Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [be_get_account_info] (0x0200): Got request for [4097][1][name=user_cs1]
(Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [get_pw_name] (0x0400): Searching user by name (user_cs1)
(Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [handle_getpw_result] (0x0080): User not found.
(Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [delete_user] (0x0400): User user_cs1 does not exist (or is invalid) on remote server, deleting!

But, looking up directly from nss_ldap shows:
# getent -s ldap passwd User_CS1

Expected results:

Additional info:

Comment 2 Jakub Hrozek 2014-10-16 11:43:54 UTC
Upstream ticket:

Comment 3 Jakub Hrozek 2014-11-13 18:40:07 UTC

Comment 5 Kaushik Banerjee 2014-11-25 18:14:12 UTC
The result is still the same. Tested with sssd-1.12.2-26.el7

# getent passwd User_CS1;echo $?

# getent -s ldap  passwd User_CS1

Domain log shows:

(Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=user_cs1]
(Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [be_req_set_domain] (0x0400): Changing request domain from [PROXY] to [PROXY]
(Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [get_pw_name] (0x0400): Searching user by name (user_cs1)
(Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [handle_getpw_result] (0x0080): User not found.
(Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [delete_user] (0x0400): User user_cs1 does not exist (or is invalid) on remote server, deleting!

Comment 6 Michal Zidek 2014-11-26 12:53:12 UTC

sorry I did not properly read the name of this bugzilla (I started reading the problem description in the comments).

If you want to use proxy_lib_name = ldap, then make sure you put this line to
ignorecase yes

Case-insensitive proxy will not work properly with case sensitive nscld. Such configuration could be ambiguous. So this bugzilla's name was invalid from the beginning.

However the description was a valid bug. SSSD really did not work with case_sensitive = preserving (actually it also did not work for case_sensitive = false). And that was the bug that was fixed upstream now.

Sorry I should have noticed that earlier.


Comment 7 Kaushik Banerjee 2014-11-28 12:58:20 UTC
Works fine with "ignorecase yes" in nslcd.conf.

Thanks Michal. You can change the status of this bug to ON_QA again.

Comment 8 Kaushik Banerjee 2014-12-03 09:48:28 UTC
Verified in version 1.12.2-28.el7

# getent passwd User_CS1

# getent group user_cs1_grp1

Comment 10 errata-xmlrpc 2015-03-05 10:34:03 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.