Bug 1214718 – Overridde with --login fails trusted adusers group membership resolution

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1214718 - Overridde with --login fails trusted adusers group membership resolution

Summary:	Overridde with --login fails trusted adusers group membership resolution

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	sssd (Show other bugs)
Sub Component:
Version:	7.1
Hardware:	Unspecified Unspecified

Priority	medium Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	SSSD Maintainers
QA Contact:	Kaushik Banerjee
Docs Contact:

URL:
Whiteboard:
Keywords:

Duplicates:	1214673 (view as bug list)
Depends On:	1213940
Blocks:	1214673
	Show dependency tree / graph

Reported:	2015-04-23 08:43 EDT by Martin Kosek
Modified:	2015-11-19 06:38 EST (History)
CC List:	13 users (show)

See Also:
Fixed In Version:	sssd-1.13.0-0.1.alpha.el7
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:	1213940
Environment:
Last Closed:	2015-11-19 06:38:16 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:2355	normal	SHIPPED_LIVE	Low: sssd security, bug fix, and enhancement update	2015-11-19 05:27:42 EST

Groups: None (edit)

Comment 1 Jakub Hrozek 2015-04-24 10:24:51 EDT

Upstream ticket:
https://fedorahosted.org/sssd/ticket/2632

Comment 2 Jakub Hrozek 2015-04-24 10:27:43 EDT

*** Bug 1214673 has been marked as a duplicate of this bug. ***

Comment 3 Jakub Hrozek 2015-04-29 05:54:10 EDT

* master: 3453e4734d2f7738034af61edb7d33c0c7095d8a
* sssd-1-12: 85287a6b897d818d279171a83aa3c8a0de66f13b

Comment 5 Sudhir Menon 2015-09-29 07:31:30 EDT

Verified on RHEL7.2 and Windows 2012 R2.

sssd-1.13.0-35.el7.x86_64

Obseravtions: 
On Client group resolve doesn't fail prior to login. Group membership are resolved even if user login hasn't been done.

1. [root@ipa02 sssd]# ipa idoverrideuser-find 'default trust view' test11@test.in
---------------------------
0 User ID overrides matched
---------------------------
----------------------------
Number of entries returned 0
----------------------------

2. [root@ipa02 sssd]# service sssd stop ; rm -f /var/lib/sss/{db,mc}/* ; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

3. [root@ipaclient02 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start
Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service

4. [root@ipaclient02 ~]# id test11@test.in
uid=10010(test11@test.in) gid=10000(grp2@test.in) groups=10000(grp2@test.in),10010(domain users@test.in)

===================================================
1. [root@ipa02 sssd]# ipa idoverrideuser-add 'default trust view' test11@test.in --login puser1
---------------------------------------
Added User ID override "test11@test.in"
---------------------------------------
  Anchor to override: test11@test.in
  User login: puser1

2. [root@ipaclient02 ~]# id test11@test.in
uid=10010(puser1@test.in) gid=10000(grp2@test.in) groups=10000(grp2@test.in),10010(domain users@test.in)

Comment 6 errata-xmlrpc 2015-11-19 06:38:16 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html

Note You need to log in before you can comment on or make changes to this bug.