RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1214337 - Overrides with --login work in second attempt
Summary: Overrides with --login work in second attempt
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.1
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Sumit Bose
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
: 1214717 (view as bug list)
Depends On: 1213822 1214717
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-04-22 13:22 UTC by Sumit Bose
Modified: 2020-05-02 18:01 UTC (History)
14 users (show)

Fixed In Version: sssd-1.13.0-0.1.alpha.el7
Doc Type: Bug Fix
Doc Text:
Clone Of: 1213822
Environment:
Last Closed: 2015-11-19 11:38:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 3671 0 None None None 2020-05-02 18:01:29 UTC
Red Hat Product Errata RHSA-2015:2355 0 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2015-11-19 10:27:42 UTC

Comment 2 Jakub Hrozek 2015-04-22 13:34:30 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2630
Comment 3 Jakub Hrozek 2015-04-27 13:52:12 UTC 
Fixed upstream:
    master: 2ab9a4538eb2e1a255e645f7efdcfd6bb722d265
    sssd-1-12: 3453e4734d2f7738034af61edb7d33c0c7095d8a
Comment 4 Sumit Bose 2015-04-29 09:46:48 UTC 
A segfault caused by the patch was found. resetting the status to ASSIGNED.
Comment 5 Jakub Hrozek 2015-04-30 15:59:08 UTC 
Additional patch landed upstream
    master: c520f40d1a2d77cf1d413451b5682297733521ed
    sssd-1-12: e31d5babfd036cf64c9179dc60bbd79f541ef89b
Comment 6 Jakub Hrozek 2015-04-30 16:03:26 UTC 
*** Bug 1214717 has been marked as a duplicate of this bug. ***
Comment 11 Sudhir Menon 2015-09-29 11:10:12 UTC 
Verified on RHEL7.2 and Windows 2012 R2.

sssd-ldap-1.13.0-35.el7.x86_64

1. After adding the group in AD and setting POSIX attribute GID to the group in AD which matches to the GID in server getent passwd output, 
the getent passwd $overrideusername gave the output in first attempt.

[root@ipa02 ~]# ipa idoverrideuser-add 'default trust view' test100  --login syncuser07
----------------------------------------
Added User ID override "test100"
----------------------------------------
  Anchor to override: test100
  User login: syncuser07

[root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@ipaclient02 ~]# getent passwd syncuser07 ; echo $?
syncuser07:*:10099:10000:test100:/home/test.in/test100:/bin/sh
0

[root@ipaclient02 ~]# getent passwd syncuser07 ; echo $?
syncuser07:*:10099:10000:test100:/home/test.in/test100:/bin/sh
0

2. When the below steps are performed, the output for getent passwd is displayed for the first time.

[root@ipa02 sssd]# ipa idview-show hostview --show-hosts
  ID View Name: hostview
  User object overrides: test99
  Group object overrides: grp1
  Hosts the view applies to: ipaclient02.labs02.test

[root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@ipaclient02 ~]# getent passwd syncuser07 ; echo $?
syncuser07:*:10099:10000:test100:/home/test.in/test100:/bin/sh
0
Comment 12 errata-xmlrpc 2015-11-19 11:38:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html
Note You need to log in before you can comment on or make changes to this bug.