Red Hat Bugzilla – Bug 1153603
Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving
Last modified: 2015-03-05 05:34:03 EST
Description of problem:
Fails to lookup users and groups with case_sensitive=preserving in proxy provider

Version-Release number of selected component (if applicable):
sssd-1.12.1-3.el7

How reproducible:
Always

Steps to Reproduce:
1. Add the following ldif to ldap server

    dn: uid=User_CS1,ou=Users,dc=example,dc=com
    objectClass: posixAccount
    objectClass: account
    cn: User_CS1
    homeDirectory: /home/User_CS1
    uid: User_CS1_Alias
    uid: User_CS1
    uidNumber: 304560
    gidNumber: 304560

2. Configure sssd as proxy backend and add case_sensitive=preserving in the domain section:

    [domain/PROXY]
    debug_level=0xFFF0
    id_provider = proxy
    proxy_lib_name = ldap
    proxy_pam_target = sssdproxyldap
    case_sensitive = preserving

3. Look up a user

Actual results:
Lookup fails to return anything.

    # getent -s sss passwd User_CS1
    #

Domain log shows:

    (Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [be_get_account_info] (0x0200): Got request for [4097][1][name=user_cs1]
    (Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [get_pw_name] (0x0400): Searching user by name (user_cs1)
    (Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [handle_getpw_result] (0x0080): User not found.
    (Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [delete_user] (0x0400): User user_cs1 does not exist (or is invalid) on remote server, deleting!

But, looking up directly from nss_ldap shows:

    # getent -s ldap passwd User_CS1
    User_CS1:*:304560:304560:User_CS1:/home/User_CS1:

Expected results:

Additional info:
Upstream ticket: https://fedorahosted.org/sssd/ticket/2461
master: 22e074249928605a1d5b926274ae2efb1596bc73 38429c99bf5af14c2d6bae6ddcf70974fdd103cc
The result is still the same. Tested with sssd-1.12.2-26.el7

    # getent passwd User_CS1;echo $?
    2
    # getent -s ldap passwd User_CS1
    User_CS1:*:304560:304560:User_CS1:/home/User_CS1:

Domain log shows:

    (Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=user_cs1]
    (Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [be_req_set_domain] (0x0400): Changing request domain from [PROXY] to [PROXY]
    (Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [get_pw_name] (0x0400): Searching user by name (user_cs1)
    (Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [handle_getpw_result] (0x0080): User not found.
    (Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [delete_user] (0x0400): User user_cs1 does not exist (or is invalid) on remote server, deleting!
Hi, sorry I did not properly read the name of this bugzilla (I started reading the problem description in the comments).

If you want to use proxy_lib_name = ldap, then make sure you put this line in nslcd.conf:

    ignorecase yes

Case-insensitive proxy will not work properly with case sensitive nslcd. Such configuration could be ambiguous. So this bugzilla's name was invalid from the beginning.

However the description was a valid bug. SSSD really did not work with case_sensitive = preserving (actually it also did not work for case_sensitive = false). And that was the bug that was fixed upstream now.

Sorry, I should have noticed that earlier.

Michal
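Added example (not part of the bug report and not SSSD code): a configuration check for the mismatch described in the comment above, flagging proxy domains that set case_sensitive to false or preserving while nslcd.conf lacks "ignorecase yes". It assumes proxy_lib_name = ldap is served by nslcd (nss-pam-ldapd); the function names and sample file contents are constructed for illustration.

```python
import configparser

# Constructed sample inputs modelled on the configuration in this report.
SSSD_CONF = """\
[sssd]
domains = PROXY

[domain/PROXY]
id_provider = proxy
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
case_sensitive = preserving
"""
NSLCD_DEFAULT = "uri ldap://ldap.example.com/\nbase dc=example,dc=com\n"
NSLCD_FIXED = NSLCD_DEFAULT + "ignorecase yes\n"


def nslcd_ignores_case(nslcd_text):
    """True if nslcd.conf sets 'ignorecase yes'; an unset option counts as no."""
    value = "no"
    for line in nslcd_text.splitlines():
        fields = line.split()
        # Commented-out lines start with '#', so they never match the keyword.
        # Assumption: a later directive overrides an earlier one.
        if len(fields) >= 2 and fields[0].lower() == "ignorecase":
            value = fields[1].lower()
    return value == "yes"


def mismatched_domains(sssd_text, nslcd_text):
    """Return (domain, mode) pairs whose case handling disagrees with nslcd."""
    if nslcd_ignores_case(nslcd_text):
        return []
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(sssd_text)
    flagged = []
    for section in cfg.sections():
        if not section.startswith("domain/"):
            continue
        dom = cfg[section]
        uses_nslcd = (dom.get("id_provider", "").lower() == "proxy"
                      and dom.get("proxy_lib_name", "").lower() == "ldap")
        # An unset case_sensitive option is treated as true (case sensitive).
        mode = dom.get("case_sensitive", "true").strip().lower()
        if uses_nslcd and mode in ("false", "preserving"):
            flagged.append((section.split("/", 1)[1], mode))
    return flagged


if __name__ == "__main__":
    for name, mode in mismatched_domains(SSSD_CONF, NSLCD_DEFAULT):
        print(f"{name}: case_sensitive={mode} but nslcd.conf lacks 'ignorecase yes'")
```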
Works fine with "ignorecase yes" in nslcd.conf. Thanks Michal. You can change the status of this bug to ON_QA again.
Verified in version 1.12.2-28.el7

    # getent passwd User_CS1
    User_CS1_Alias:*:304560:304560:User_CS1:/home/User_CS1:
    # getent group user_cs1_grp1
    User_CS1_grp1_Alias:*:304560:User_CS1
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0441.html