Description of problem:
id lookup resolves "Domain Local" group and errors appear in domain log.

Version-Release number of selected component (if applicable):
sssd-1.12.4-25.el6

How reproducible:
Always

Steps to Reproduce:
1. sssd.conf domain section has:

    [domain/sssdad.com]
    debug_level = 0x7480
    id_provider = ad
    access_provider = ad
    ad_domain = sssdad.com
    krb5_realm = SSSDAD.COM
    cache_credentials = True
    krb5_store_password_if_offline = True
    use_fully_qualified_names = True

2. Add a group "kaugrp1" with group scope "Domain Local". kau1 user is a member in that group.

3. # id kau1
    uid=295201603(kau1) gid=295201603(kau1) groups=295201603(kau1),295200513(domain users),295201604(kaugrp1)

Actual results:
kaugrp1 is shown as a group and following error appears in the domain log:

    (Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x4000): AD group [kaugrp1] has type flags 0x80000004.
    (Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x0400): Filtering AD group [kaugrp1]
    ...
    ...
    ...
    (Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sysdb_set_entry_attr] (0x0080): ldb_modify failed: [Attribute or value exists](20)[attribute 'gidNumber': value #1 on 'name=kaugrp1,cn=groups,cn=sssdad_tree.com,cn=sysdb' provided more than once]
    (Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sysdb_store_group] (0x1000): sysdb_set_group_attr failed.
    (Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sysdb_store_group] (0x0400): Error: 17 (File exists)
    (Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x0080): Could not store group with GID: [File exists]
    (Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x0080): Failed to save group [kaugrp1]: [File exists]

Expected results:
Domain Local group should not be resolved.

Additional info:
I have a WIP patch but it needs some testing. I would like to avoid another regression.
Upstream ticket: https://fedorahosted.org/sssd/ticket/2614
Fixed upstream:

master:
    b9fbeb75e7a4f50f98d979a70a710f9221892483
    bad2fc8133d941e5a6c8d8016c9689e039265c61
    5d864e7a9d0e1e6fb7dd8158c5b8bfb71040b908

sssd-1-12:
    49895bb18508a4f4b83b99d9875e99e17c81285b
    bdd031d274659263db5f28408d8b75c63d3485a0
    cf7047634308c431f4cfbff1d88564668d2a33c7
Verified with sssd-1.12.4-29.el6

"Domain Local" scoped group is not seen now.

    # id kau1
    uid=295201630(kau1) gid=295201630(kau1) groups=295201630(kau1),295200513(domain users)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1448.html
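
An added example, not part of the bug report or of SSSD's code: a small audit that decodes the `type flags` value from the `sdap_save_group` log lines quoted in the description and checks whether a Domain Local group still shows up in `id` output. The groupType bit values are the standard Active Directory ones and are an assumption not stated on this page; all function names are hypothetical.

```python
import re

# groupType bits as defined for Active Directory group objects (assumption, not from the report).
SCOPES = {0x2: "Global", 0x4: "Domain Local", 0x8: "Universal"}
SECURITY_ENABLED = 0x80000000

FLAGS_RE = re.compile(r"\[sdap_save_group\].*AD group \[([^\]]+)\] has type flags (0x[0-9a-fA-F]+)")
FAIL_RE = re.compile(r"\[sdap_save_group\].*Failed to save group \[([^\]]+)\]")

# Sample input: log lines and id output copied from the report above.
SAMPLE_LOG = [
    "(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x4000): AD group [kaugrp1] has type flags 0x80000004.",
    "(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x0400): Filtering AD group [kaugrp1]",
    "(Tue Mar 31 20:00:06 2015) [sssd[be[sssdad.com]]] [sdap_save_group] (0x0080): Failed to save group [kaugrp1]: [File exists]",
]
ID_BEFORE = "uid=295201603(kau1) gid=295201603(kau1) groups=295201603(kau1),295200513(domain users),295201604(kaugrp1)"
ID_AFTER = "uid=295201630(kau1) gid=295201630(kau1) groups=295201630(kau1),295200513(domain users)"

def decode_group_type(flags):
    """Return (scope, kind) for an AD groupType value."""
    scope = next((n for bit, n in SCOPES.items() if flags & bit), "Unknown")
    return scope, "security" if flags & SECURITY_ENABLED else "distribution"

def groups_from_id(id_output):
    """Extract group names from the groups= field of `id` output."""
    field = id_output.split("groups=", 1)[1]
    return set(re.findall(r"\d+\(([^)]+)\)", field))

def audit(log_lines, id_output):
    """Map each group seen in the log to its scope, save failure, and whether id resolved it."""
    report = {}
    for line in log_lines:
        if m := FLAGS_RE.search(line):
            scope, kind = decode_group_type(int(m.group(2), 16))
            report[m.group(1)] = {"scope": scope, "kind": kind, "save_failed": False}
        elif (m := FAIL_RE.search(line)) and m.group(1) in report:
            report[m.group(1)]["save_failed"] = True
    resolved = groups_from_id(id_output)
    for name, entry in report.items():
        entry["resolved"] = name in resolved
    return report

def leaked_domain_local(report):
    """Names of Domain Local groups that id still resolved (the behaviour reported here)."""
    return sorted(n for n, e in report.items() if e["scope"] == "Domain Local" and e["resolved"])

if __name__ == "__main__":
    print(leaked_domain_local(audit(SAMPLE_LOG, ID_BEFORE)))
```

Run against the `id` output from the verification comment (`ID_AFTER`), the same log yields no leaked groups.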