Bug 1214718 - Overridde with --login fails trusted adusers group membership resolution
Summary: Overridde with --login fails trusted adusers group membership resolution
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.1
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
: 1214673 (view as bug list)
Depends On: 1213940
Blocks: 1214673
TreeView+ depends on / blocked
 
Reported: 2015-04-23 12:43 UTC by Martin Kosek
Modified: 2020-05-02 18:02 UTC (History)
13 users (show)

Fixed In Version: sssd-1.13.0-0.1.alpha.el7
Doc Type: Bug Fix
Doc Text:
Clone Of: 1213940
Environment:
Last Closed: 2015-11-19 11:38:16 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 3673 None None None 2020-05-02 18:02:00 UTC
Red Hat Product Errata RHSA-2015:2355 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2015-11-19 10:27:42 UTC

Comment 1 Jakub Hrozek 2015-04-24 14:24:51 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2632

Comment 2 Jakub Hrozek 2015-04-24 14:27:43 UTC
*** Bug 1214673 has been marked as a duplicate of this bug. ***

Comment 3 Jakub Hrozek 2015-04-29 09:54:10 UTC
* master: 3453e4734d2f7738034af61edb7d33c0c7095d8a
* sssd-1-12: 85287a6b897d818d279171a83aa3c8a0de66f13b

Comment 5 Sudhir Menon 2015-09-29 11:31:30 UTC
Verified on RHEL7.2 and Windows 2012 R2.

sssd-1.13.0-35.el7.x86_64

Obseravtions: 
On Client group resolve doesn't fail prior to login. Group membership are resolved even if user login hasn't been done.

1. [root@ipa02 sssd]# ipa idoverrideuser-find 'default trust view' test11@test.in
---------------------------
0 User ID overrides matched
---------------------------
----------------------------
Number of entries returned 0
----------------------------

2. [root@ipa02 sssd]# service sssd stop ; rm -f /var/lib/sss/{db,mc}/* ; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

3. [root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

4. [root@ipaclient02 ~]# id test11@test.in
uid=10010(test11@test.in) gid=10000(grp2@test.in) groups=10000(grp2@test.in),10010(domain users@test.in)

===================================================
1. [root@ipa02 sssd]# ipa idoverrideuser-add 'default trust view' test11@test.in --login puser1
---------------------------------------
Added User ID override "test11@test.in"
---------------------------------------
  Anchor to override: test11@test.in
  User login: puser1

2. [root@ipaclient02 ~]# id test11@test.in
uid=10010(puser1@test.in) gid=10000(grp2@test.in) groups=10000(grp2@test.in),10010(domain users@test.in)

Comment 6 errata-xmlrpc 2015-11-19 11:38:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html


Note You need to log in before you can comment on or make changes to this bug.