Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server
RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
6.6
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
: ZStream
Depends On:
Blocks: 1159926 1165074
  Show dependency treegraph
 
Reported: 2014-10-17 07:34 EDT by Christos Triantafyllidis
Modified: 2015-07-22 02:41 EDT (History)
14 users (show)

See Also:
Fixed In Version: sssd-1.11.6-33.el6
Doc Type: Bug Fix
Doc Text:
Already released via ZStream
Story Points: ---
Clone Of:
: 1165074 (view as bug list)
Environment:
Last Closed: 2015-07-22 02:41:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
console output with verification steps (7.82 KB, text/plain)
2015-04-08 07:11 EDT, Kaleem
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1448 normal SHIPPED_LIVE sssd bug fix and enhancement update 2015-07-20 14:43:53 EDT

  None (edit)
Description Christos Triantafyllidis 2014-10-17 07:34:53 EDT
Description of problem:
Customer updated his 6.5 clients to 6.6 and after that not all groups are returned on id or id -G commands.



Version-Release number of selected component (if applicable):
sssd-1.11.6-30.el6.x86_64

How reproducible:
Everytime in customers environment

Steps to Reproduce:
1. Not clear, for customer just updating to 1.11 packages is sufficient

Actual results:
If we clean cache and remove the local cache database the users appear to be members of their primary group only.

Expected results:
All groups should be returned.

Additional info:
getent group groupname does return the correct output and after that the id command returns that group too.

Logs, config, command outputs will follow
Comment 10 Jakub Hrozek 2014-10-21 08:47:38 EDT
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2471
Comment 19 Jakub Hrozek 2014-11-05 09:07:31 EST
* master: 3937736546e2a4b7cccc58fded3efdff9ae690fc
Comment 20 Jakub Hrozek 2014-11-05 09:32:31 EST
Here are test builds:
https://jhrozek.fedorapeople.org/sssd-test-builds/sssd-6.6-ipa-group-fix/

Please note that this fix applies for users who run the IPA provider only.

If there are problems with the LDAP provider connected to an AD server, you are probably looking for bug https://bugzilla.redhat.com/show_bug.cgi?id=1160713
Comment 32 Kaleem 2015-04-08 07:10:30 EDT
Verified.

SSSD version:
=============

[root@dhcp207-229 ~]# rpm -q sssd
sssd-1.12.4-25.el6.x86_64
[root@dhcp207-229 ~]#

[root@dhcp207-229 ~]# ipa user-show testuser1
  User login: testuser1
  First name: test
  Last name: user1
  Home directory: /home/testuser1
  Login shell: /bin/sh
  Email address: testuser1@testrelm.test
  UID: 1121600001
  GID: 1121600001
  Account disabled: False
  Password: False
  Member of groups: ipausers, testgrp1, testgrp2, testgrp3, testgrp4, testgrp5, testgrp6, testgrp7, testgrp8, testgrp9, testgrp10, testgrp11
  Roles: testgrp1
  Kerberos keys available: False
[root@dhcp207-229 ~]# id testuser1
uid=527200001(testuser1) gid=527200001(testuser1) groups=527200001(testuser1),527200005(testgrp2),527200009(testgrp6),527200004(testgrp1),527200008(testgrp5),527200012(testgrp9),527200007(testgrp4),527200011(testgrp8),527200013(testgrp10),527200006(testgrp3),527200010(testgrp7),527200014(testgrp11)
[root@dhcp207-229 ~]#
Comment 33 Kaleem 2015-04-08 07:11:21 EDT
Created attachment 1012168 [details]
console output with verification steps
Comment 35 errata-xmlrpc 2015-07-22 02:41:57 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1448.html

Note You need to log in before you can comment on or make changes to this bug.