Bug 1215925 - SSSD [sysdb_store_user] (0x0040): Could not add user after update to 1.12.2-58 from 1.11.2-65
Summary: SSSD [sysdb_store_user] (0x0040): Could not add user after update to 1.12.2-5...
Status: CLOSED DUPLICATE of bug 1205382
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.1
Hardware: x86_64
OS: Linux
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Kaushik Banerjee
Depends On:
TreeView+ depends on / blocked
Reported: 2015-04-28 07:16 UTC by ilya
Modified: 2015-04-29 11:06 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-04-29 11:06:58 UTC

Attachments (Terms of Use)

Description ilya 2015-04-28 07:16:08 UTC
Description of problem:

After update sssd I can't enumerate groups for some users
id "username" return not all ad groups

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. install sssd 1.11.2-65, realmd join domain
2. id username return correct group list
3. update sssd 1.12.2-56
4. clear sssd cache
5. id username return uid, gid and one domain group

Actual results:
id evkogan
uid=19174(evkogan) gid=1513(domain users) groups=1513(domain users)

Expected results:
id evkogan
uid=19174(evkogan) gid=1513(domain users) groups=1513(domain users),24108772(fsorit1_rni_отдел поддержки центров обработки данных),23688216(fsorit1_tbi_отдел поддержки центров обработки данных),23761739(msk_prt__streams_it_projects_training_trainings_request_c), .....

Additional info:


domains = corp.tnk-bp.ru
config_file_version = 2
services = nss, pam

debug_level = 3
ad_domain = corp.domain.ru
krb5_realm = CORP.DOMAIN.RU
realmd_tags = manages-system joined-with-samba.
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
ldap_idmap_default_domain_sid = S-1-5-21-***-***-***
ldap_idmap_range_min = 1000
ldap_idmap_range_max = 2100000000
ldap_idmap_range_size = 100000000
ignore_group_members = True
override_homedir = /home/%f
fallback_homedir = /home/%d/%u
access_provider = simple
simple_allow_groups = corp\orn-unixlogin


[sssd[be[corp.tnk-bp.ru]]] [sysdb_set_entry_attr] (0x0080): ldb_modify failed: [Invalid attribute syntax]
[sssd[be[corp.tnk-bp.ru]]] [sysdb_set_entry_attr] (0x0040): Error: 22 (Invalid argument)
[sssd[be[corp.tnk-bp.ru]]] [sysdb_store_user] (0x0040): Could not add user
[sssd[be[corp.tnk-bp.ru]]] [sdap_save_user] (0x0020): Failed to save user [evkogan]
[sssd[be[corp.tnk-bp.ru]]] [sdap_save_users] (0x0040): Failed to store user 0. Ignoring.
[sssd[be[corp.tnk-bp.ru]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
[sssd[be[corp.tnk-bp.ru]]] [sysdb_set_entry_attr] (0x0080): ldb_modify failed: [Invalid attribute syntax]
[sssd[be[corp.tnk-bp.ru]]] [sysdb_set_entry_attr] (0x0040): Error: 22 (Invalid argument)
[sssd[be[corp.tnk-bp.ru]]] [sdap_save_user] (0x0020): Failed to save user [evkogan]
[sssd[be[corp.tnk-bp.ru]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request

Comment 3 Lukas Slebodnik 2015-04-28 07:35:09 UTC
It is either https://fedorahosted.org/sssd/ticket/2614
or https://fedorahosted.org/sssd/ticket/2588

It is already fixed in upstream and you can test with packages from testing repository

Comment 4 ilya 2015-04-29 10:42:47 UTC
it work, thanks.

Comment 5 Jakub Hrozek 2015-04-29 11:06:58 UTC
https://bugzilla.redhat.com/show_bug.cgi?id=1205382 is more probably the root cause, I'll close as duplicate of that one.

We're prepairing a 7.1 update for this issue in the near future..

*** This bug has been marked as a duplicate of bug 1205382 ***

Note You need to log in before you can comment on or make changes to this bug.