1165074 – RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server

Bug 1165074 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server

Summary: RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	6.6
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Jakub Hrozek
QA Contact:	Kaushik Banerjee
Docs Contact:
URL:
Whiteboard:
Depends On:	1154042
Blocks:
TreeView+	depends on / blocked

Reported:	2014-11-18 09:38 UTC by Jan Kurik
Modified:	2020-05-04 10:42 UTC (History)
CC List:	17 users (show)
Fixed In Version:	sssd-1.11.6-30.el6_6.3
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1154042
Environment:
Last Closed:	2014-12-08 09:08:46 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 3513	0	None	None	None	2020-05-04 10:42:56 UTC
Red Hat Product Errata	RHBA-2014:1967	0	normal	SHIPPED_LIVE	sssd bug fix update	2014-12-08 14:07:50 UTC

Description Jan Kurik 2014-11-18 09:38:47 UTC

This bug has been copied from bug #1154042 and has been proposed
to be backported to 6.6 z-stream (EUS).

Comment 3 Jakub Hrozek 2014-11-18 09:42:37 UTC

I'll do the builds.

Comment 5 Steeve Goveas 2014-11-20 11:24:25 UTC

With unpatched version
[root@vm-idm-031 ~]# rpm -q sssd
sssd-1.11.6-30.el6.x86_64

[root@vm-idm-031 ~]# ipa user-show bug1
  User login: bug1
  First name: bug
  Last name: bz
  Home directory: /home/bug1
  Login shell: /bin/sh
  Email address: bug1
  UID: 1495400001
  GID: 1495400001
  Account disabled: False
  Password: True
  Member of groups: ipausers, testgrp, testgrp2, testgrp3, testgrp4, testgrp5, testgrp6, testgrp7, testgrp8, testgrp9, testgrp10, testgrp11
  Roles: testgrp
  Kerberos keys available: True

[root@vm-idm-031 ~]# ipa group-add-member --user=bug2 testgrp

[root@vm-idm-031 ~]# ipa role-add-member --users=bug2

[root@vm-idm-031 ~]# ipa user-show bug2
  User login: bug2
  First name: bug
  Last name: bz
  Home directory: /home/bug2
  Login shell: /bin/sh
  Email address: bug2
  UID: 1495400014
  GID: 1495400014
  Account disabled: False
  Password: True
  Member of groups: ipausers, testgrp
  Roles: testgrp
  Kerberos keys available: True

[root@vm-idm-031 ~]# service sssd stop; rm -rf /var/lib/sss/{mc,db}/*; service sssd start
Stopping sssd: [  OK  ]
Starting sssd: [  OK  ]

[root@vm-idm-031 ~]# id bug1
uid=1495400001(bug1) gid=1495400001(bug1) groups=1495400001(bug1)

[root@vm-idm-031 ~]# id bug2
uid=1495400014(bug2) gid=1495400014(bug2) groups=1495400014(bug2)

[root@vm-idm-031 ~]# tail -f /var/log/sssd/sssd_testrelm.test.log
.
.
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3)
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sysdb_add_basic_group] (0x0400): Error: 17 (File exists)
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sysdb_add_incomplete_group] (0x0400): Error: 17 (File exists)
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [ldb] (0x4000): cancel ldb transaction (nesting: 2)
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sdap_nested_groups_store] (0x0400): Could not add incomplete groups [17]: File exists
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [ldb] (0x4000): cancel ldb transaction (nesting: 1)
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sdap_initgr_nested_store] (0x0080): Could not save groups [17]: File exists
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [ldb] (0x4000): cancel ldb transaction (nesting: 0)
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sdap_get_initgr_done] (0x4000): Initgroups done
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sdap_get_initgr_done] (0x4000): Error in initgroups: [17][File exists]
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sbus_add_timeout] (0x2000): 0x201c7f0
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sdap_process_result] (0x2000): Trace: sh[0x1fe6b70], connected[1], ops[(nil)], ldap[0x1fdb9d0]
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sbus_remove_timeout] (0x2000): 0x201c7f0
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sbus_dispatch] (0x4000): dbus conn: 0x1ff92e0
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Nov 20 10:57:02 2014) [sssd[be[testrelm.test]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,17,Init group lookup failed

With update version
[root@vm-idm-031 ~]# rpm -q sssd
sssd-1.11.6-30.el6_6.3.x86_64

[root@vm-idm-031 ~]# service sssd stop; rm -rf /var/lib/sss/{mc,db}/*; service sssd start
Stopping sssd: [  OK  ]
Starting sssd: [  OK  ]

[root@vm-idm-031 ~]# id bug1
uid=1495400001(bug1) gid=1495400001(bug1) groups=1495400001(bug1),1495400004(testgrp2),1495400008(testgrp6),1495400007(testgrp5),1495400011(testgrp9),1495400003(testgrp),1495400006(testgrp4),1495400010(testgrp8),1495400012(testgrp10),1495400005(testgrp3),1495400009(testgrp7),1495400013(testgrp11)

[root@vm-idm-031 ~]# id bug2
uid=1495400014(bug2) gid=1495400014(bug2) groups=1495400014(bug2),1495400003(testgrp)

Verified in version sssd-1.11.6-30.el6_6.3.x86_64

Comment 7 errata-xmlrpc 2014-12-08 09:08:46 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2014-1967.html

Note You need to log in before you can comment on or make changes to this bug.