Bug 1251398 - group name not sanitized properly for rfc2307 schema
group name not sanitized properly for rfc2307 schema
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Pavel Reichl
Kaushik Banerjee
Depends On:
  Show dependency treegraph
Reported: 2015-08-07 04:42 EDT by Nirupama Karandikar
Modified: 2016-05-05 00:36 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-08-11 02:59:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Nirupama Karandikar 2015-08-07 04:42:06 EDT
Description of problem:
group lookup not working with sssd-1.13.0-11.el7

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Add following group in 389DS.
# group(_u)ser1, Groups, example.com
dn: cn=group(_u)ser1,ou=Groups,dc=example,dc=com
gidNumber: 20000
objectClass: top
objectClass: PosixGroup
memberUid: uid=t(u)ser,ou=Users,dc=example,dc=com
cn: group(_u)ser1

2.Configure sssd with ldap provider.
debug_level = 9
ldap_search_base = dc=example,dc=com
id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
ldap_uri = ldap://dhcp207-102.lab.eng.pnq.redhat.com
cache_credentials = True
ldap_tls_cacert = /etc/openldap/certs/cacert.pem

3.Group lookup fails.

# getent group group\(_u\)ser1
Actual results:
Group lookup fails.

Expected results:
Group lookup should work.

Additional info:
from domain logs :
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sysdb_search_by_name] (0x0400): No such entry
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_process_group_members_2307] (0x1000): member #0 (uid=t(u)ser,ou=Users,dc=example,dc=com): not found in sysdb
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sysdb_search_users] (0x2000): Search users with filter: (&(objectclass=user)(nameAlias=uid=t(u)ser,ou=Users,dc=example,dc=com))
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sysdb_search_users] (0x0080): Error: 5 (Input/output error)
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_process_group_members_2307] (0x0020): Error processing missing member #0 (uid=t(u)ser,ou=Users,dc=example,dc=com):
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [ldb] (0x4000): cancel ldb transaction (nesting: 0)
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_id_op_done] (0x4000): advising for connection retry #1
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_id_release_conn_data] (0x4000): releasing unused connection
(Fri Aug  7 13:32:54 2015) [sssd[be[LDAP]]] [sdap_handle_release] (0x2000): Trace: sh[0x7fada72fd040], connected[1], ops[(nil)], ldap[0x7fada72fd8d0], destructor_lock[0], release_memory[0]
Comment 2 Nirupama Karandikar 2015-08-07 05:16:25 EDT
Marking this as Testblocker as lot of other tests are failing due to this.

Comment 5 Nirupama Karandikar 2015-08-11 00:50:24 EDT

Adding "memberUid:t(u)user" in the schema helped. Group enumeration is working fine now. 

Thanks much,
Comment 6 Lukas Slebodnik 2015-08-11 02:36:40 EDT
(In reply to Nirupama Karandikar from comment #5)
> Hello,
> Adding "memberUid:t(u)user" in the schema helped. Group enumeration is
> working fine now. 
> Thanks much,
> Niru

So, could you remove test-blocker flag or close the bug?

Note You need to log in before you can comment on or make changes to this bug.