Bug 1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Michal Zidek
QA Contact: Kaushik Banerjee
 
Reported: 2014-10-16 10:06 UTC by Kaushik Banerjee
Modified: 2015-03-05 10:34 UTC (History)

Fixed In Version: sssd-1.12.2-16.el7
Doc Type: Bug Fix
Last Closed: 2015-03-05 10:34:03 UTC

Links
System ID: Red Hat Product Errata RHBA-2015:0441
Priority: normal
Status: SHIPPED_LIVE
Summary: sssd bug fix and enhancement update
Last Updated: 2015-03-05 15:05:27 UTC

Description Kaushik Banerjee 2014-10-16 10:06:53 UTC
Description of problem:
Fails to lookup users and groups with case_sensitive=preserving in proxy provider

Version-Release number of selected component (if applicable):
sssd-1.12.1-3.el7

How reproducible:
Always

Steps to Reproduce:
1. Add the following ldif to ldap server
dn: uid=User_CS1,ou=Users,dc=example,dc=com
objectClass: posixAccount
objectClass: account
cn: User_CS1
homeDirectory: /home/User_CS1
uid: User_CS1_Alias
uid: User_CS1
uidNumber: 304560
gidNumber: 304560

2. Configure sssd as proxy backend and add case_sensitive=preserving in the domain section:
[domain/PROXY]
debug_level=0xFFF0
id_provider = proxy
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
case_sensitive = preserving

3. Look up a user

Actual results:
Lookup fails to return anything.
# getent -s sss passwd User_CS1
# 

Domain log shows:
(Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [be_get_account_info] (0x0200): Got request for [4097][1][name=user_cs1]
(Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [get_pw_name] (0x0400): Searching user by name (user_cs1)
(Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [handle_getpw_result] (0x0080): User not found.
(Thu Oct 16 14:44:57 2014) [sssd[be[PROXY]]] [delete_user] (0x0400): User user_cs1 does not exist (or is invalid) on remote server, deleting!


But, looking up directly from nss_ldap shows:
# getent -s ldap passwd User_CS1
User_CS1:*:304560:304560:User_CS1:/home/User_CS1:


Comment 2 Jakub Hrozek 2014-10-16 11:43:54 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2461

Comment 3 Jakub Hrozek 2014-11-13 18:40:07 UTC
master:
    22e074249928605a1d5b926274ae2efb1596bc73
    38429c99bf5af14c2d6bae6ddcf70974fdd103cc

Comment 5 Kaushik Banerjee 2014-11-25 18:14:12 UTC
The result is still the same. Tested with sssd-1.12.2-26.el7

# getent passwd User_CS1;echo $?
2

# getent -s ldap  passwd User_CS1
User_CS1:*:304560:304560:User_CS1:/home/User_CS1:

Domain log shows:

(Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=user_cs1]
(Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [be_req_set_domain] (0x0400): Changing request domain from [PROXY] to [PROXY]
(Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [get_pw_name] (0x0400): Searching user by name (user_cs1)
(Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [handle_getpw_result] (0x0080): User not found.
(Tue Nov 25 13:08:07 2014) [sssd[be[PROXY]]] [delete_user] (0x0400): User user_cs1 does not exist (or is invalid) on remote server, deleting!

Comment 6 Michal Zidek 2014-11-26 12:53:12 UTC
Hi,

sorry I did not properly read the name of this bugzilla (I started reading the problem description in the comments).

If you want to use proxy_lib_name = ldap, then make sure you put this line in
nslcd.conf:
ignorecase yes

Case-insensitive proxy will not work properly with case sensitive nslcd. Such configuration could be ambiguous. So this bugzilla's name was invalid from the beginning.

However the description was a valid bug. SSSD really did not work with case_sensitive = preserving (actually it also did not work for case_sensitive = false). And that was the bug that was fixed upstream now.

Sorry I should have noticed that earlier.

Michal

Comment 7 Kaushik Banerjee 2014-11-28 12:58:20 UTC
Works fine with "ignorecase yes" in nslcd.conf.

Thanks Michal. You can change the status of this bug to ON_QA again.
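
An added example, not part of the original bug thread or SSSD's own code: a Python check for the combination discussed in comments 6 and 7, an ldap proxy domain with case_sensitive set to false or preserving while nslcd.conf does not enable ignorecase. The nslcd.conf sample, the function names, the accepted boolean spellings and the treatment of an unset case_sensitive as true are assumptions of this example.

```python
import configparser

# "yes" is the value used in the thread; the other spellings are an assumption.
NSLCD_TRUE = {"yes", "on", "true", "1"}

# [domain/PROXY] is the reporter's config; the nslcd.conf text is constructed.
SSSD_CONF = """\
[domain/PROXY]
debug_level=0xFFF0
id_provider = proxy
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
case_sensitive = preserving
"""
NSLCD_CONF = "uri ldap://ldap.example.com/\nbase dc=example,dc=com\n"


def nslcd_ignorecase(nslcd_conf):
    """True if the nslcd.conf text turns ignorecase on (last occurrence wins here)."""
    enabled = False  # no ignorecase line: nslcd matches names case-sensitively
    for line in nslcd_conf.splitlines():
        fields = line.split()  # commented-out lines never yield "ignorecase" first
        if len(fields) >= 2 and fields[0].lower() == "ignorecase":
            enabled = fields[1].lower() in NSLCD_TRUE
    return enabled


def mismatched_proxy_domains(sssd_conf, nslcd_conf):
    """Return findings for ldap proxy domains that fold case over a case-sensitive nslcd."""
    if nslcd_ignorecase(nslcd_conf):
        return []
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(sssd_conf)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        provider = dom.get("id_provider", "").strip().lower()
        lib = dom.get("proxy_lib_name", "").strip().lower()
        # An unset case_sensitive is treated as "true" (assumption of this example).
        mode = dom.get("case_sensitive", "true").strip().lower()
        if provider == "proxy" and lib == "ldap" and mode in ("false", "preserving"):
            findings.append(f"{section}: case_sensitive={mode}, nslcd ignorecase off")
    return findings


if __name__ == "__main__":
    for finding in mismatched_proxy_domains(SSSD_CONF, NSLCD_CONF):
        print(finding)
```
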

Comment 8 Kaushik Banerjee 2014-12-03 09:48:28 UTC
Verified in version 1.12.2-28.el7

# getent passwd User_CS1
User_CS1_Alias:*:304560:304560:User_CS1:/home/User_CS1:

# getent group user_cs1_grp1
User_CS1_grp1_Alias:*:304560:User_CS1

Comment 10 errata-xmlrpc 2015-03-05 10:34:03 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0441.html

