Bug 1214337 - Overrides with --login work in second attempt
Summary: Overrides with --login work in second attempt
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.1
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Sumit Bose
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
: 1214717 (view as bug list)
Depends On: 1213822 1214717
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-04-22 13:22 UTC by Sumit Bose
Modified: 2020-05-02 18:01 UTC (History)
14 users (show)

Fixed In Version: sssd-1.13.0-0.1.alpha.el7
Doc Type: Bug Fix
Doc Text:
Clone Of: 1213822
Environment:
Last Closed: 2015-11-19 11:38:10 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 3671 None None None 2020-05-02 18:01:29 UTC
Red Hat Product Errata RHSA-2015:2355 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2015-11-19 10:27:42 UTC

Comment 2 Jakub Hrozek 2015-04-22 13:34:30 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2630

Comment 3 Jakub Hrozek 2015-04-27 13:52:12 UTC
Fixed upstream:
    master: 2ab9a4538eb2e1a255e645f7efdcfd6bb722d265
    sssd-1-12: 3453e4734d2f7738034af61edb7d33c0c7095d8a

Comment 4 Sumit Bose 2015-04-29 09:46:48 UTC
A segfault caused by the patch was found. resetting the status to ASSIGNED.

Comment 5 Jakub Hrozek 2015-04-30 15:59:08 UTC
Additional patch landed upstream
    master: c520f40d1a2d77cf1d413451b5682297733521ed
    sssd-1-12: e31d5babfd036cf64c9179dc60bbd79f541ef89b

Comment 6 Jakub Hrozek 2015-04-30 16:03:26 UTC
*** Bug 1214717 has been marked as a duplicate of this bug. ***

Comment 11 Sudhir Menon 2015-09-29 11:10:12 UTC
Verified on RHEL7.2 and Windows 2012 R2.

sssd-ldap-1.13.0-35.el7.x86_64

1. After adding the group in AD and setting POSIX attribute GID to the group in AD which matches to the GID in server getent passwd output, 
the getent passwd $overrideusername gave the output in first attempt.

[root@ipa02 ~]# ipa idoverrideuser-add 'default trust view' test100@test.in  --login syncuser07
----------------------------------------
Added User ID override "test100@test.in"
----------------------------------------
  Anchor to override: test100@test.in
  User login: syncuser07

[root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@ipaclient02 ~]# getent passwd syncuser07@test.in ; echo $?
syncuser07@test.in:*:10099:10000:test100:/home/test.in/test100:/bin/sh
0

[root@ipaclient02 ~]# getent passwd syncuser07@test.in ; echo $?
syncuser07@test.in:*:10099:10000:test100:/home/test.in/test100:/bin/sh
0

2. When the below steps are performed, the output for getent passwd is displayed for the first time.

[root@ipa02 sssd]# ipa idview-show hostview --show-hosts
  ID View Name: hostview
  User object overrides: test99@test.in
  Group object overrides: grp1@test.in
  Hosts the view applies to: ipaclient02.labs02.test

[root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

[root@ipaclient02 ~]# getent passwd syncuser07@test.in ; echo $?
syncuser07@test.in:*:10099:10000:test100:/home/test.in/test100:/bin/sh
0

Comment 12 errata-xmlrpc 2015-11-19 11:38:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html


Note You need to log in before you can comment on or make changes to this bug.