Red Hat Bugzilla – Bug 1254184
sss_override does not work correctly when 'use_fully_qualified_names = True'
Last modified: 2015-11-19 06:39:53 EST
Description of problem:
sss_override does not work correctly when use_fully_qualified_names = True

Version-Release number of selected component (if applicable):
sssd-tools-1.13.0-11.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
Try to add an override user when 'use_fully_qualified_names = True', for example 'sss_override user-add dlavu@sssd2012.com -n dlavu1@sssd2012.com'

Actual results:
[root@rhel72beta db]# sss_override user-add dlavu@sssd2012.com -n dlavu1@sssd2012.com --debug 0x3ff0
(Mon Aug 17 12:25:31:014019 2015) [sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
(Mon Aug 17 12:25:31:014114 2015) [sssd] [confdb_get_domain_internal] (0x0400): No enumeration for [sssd2012.com]!
(Mon Aug 17 12:25:31:014149 2015) [sssd] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1
(Mon Aug 17 12:25:31:014171 2015) [sssd] [sysdb_domain_init_internal] (0x0200): DB File for sssd2012.com: /var/lib/sss/db/cache_sssd2012.com.ldb
(Mon Aug 17 12:25:31:014223 2015) [sssd] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Mon Aug 17 12:25:31:014318 2015) [sssd] [sss_names_init_from_args] (0x0100): Using re [(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
(Mon Aug 17 12:25:31:014324 2015) [sssd] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Mon Aug 17 12:25:31:014380 2015) [sssd] [sss_parse_name_for_domains] (0x0200): name 'dlavu@sssd2012.com' matched expression for domain 'sssd2012.com', user is dlavu
Unable to find user dlavu@sssd2012.com.

Expected results:
[root@rhel72beta db]# sss_override user-add dlavu@sssd2012.com -n dlavu1@sssd2012.com --debug 0x3ff0
(Mon Aug 17 12:22:03:866318 2015) [sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
(Mon Aug 17 12:22:03:866410 2015) [sssd] [confdb_get_domain_internal] (0x0400): No enumeration for [sssd2012.com]!
(Mon Aug 17 12:22:03:866435 2015) [sssd] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1
(Mon Aug 17 12:22:03:866456 2015) [sssd] [sysdb_domain_init_internal] (0x0200): DB File for sssd2012.com: /var/lib/sss/db/cache_sssd2012.com.ldb
(Mon Aug 17 12:22:03:866504 2015) [sssd] [ldb] (0x0400): asq: Unable to register control with rootdse!
(Mon Aug 17 12:22:03:866595 2015) [sssd] [sss_names_init_from_args] (0x0100): Using re [(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
(Mon Aug 17 12:22:03:866601 2015) [sssd] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
(Mon Aug 17 12:22:03:866657 2015) [sssd] [sss_parse_name_for_domains] (0x0200): name 'dlavu@sssd2012.com' matched expression for domain 'sssd2012.com', user is dlavu
(Mon Aug 17 12:22:03:883083 2015) [sssd] [get_object_dn_and_domain] (0x0400): Trying to find user dlavu@sssd2012.com
(Mon Aug 17 12:22:03:883168 2015) [sssd] [get_object_dn_and_domain] (0x0400): Domain of user dlavu is sssd2012.com
(Mon Aug 17 12:22:03:883186 2015) [sssd] [prepare_view] (0x0400): Creating LOCAL view.
SSSD needs to be restarted for the changes to take effect.

Additional info:
Upstream ticket: https://fedorahosted.org/sssd/ticket/2757
Patch acked upstream, acking for RHEL
* master: 7eba58cfcf78e61af1c4ff98619aa97223eb7a5b
This is working in sssd-client-1.13.0-24.el7.x86_64, however the override id doesn't return using getent.

[root@rhel72 ~]# sss_override user-add dlavu@sssd2012.com -n dlavu1@sssd2012.com
SSSD needs to be restarted for the changes to take effect.
[root@rhel72 ~]# service sssd restart
Redirecting to /bin/systemctl restart sssd.service
[root@rhel72 ~]# getent passwd dlavu1
[root@rhel72 ~]# getent passwd dlavu1@sssd2012.com
[root@rhel72 ~]# getent passwd dlavu@sssd2012.com
dlavu1@sssd2012.com@sssd2012.com:*:349001105:349000513:Dan Lavu:/home/dlavu1@sssd2012.com:/bin/bash
I would suggest looking at the logs to see if dlavu1 was maybe already negatively cached from previous test runs. If not, then please file a new bug. Thank you very much for testing!
https://bugzilla.redhat.com/show_bug.cgi?id=1259512 - Filed.
Verified, testing against sssd-1.13.0-26.el7.x86_64.

####################################
[root@test ~]# sss_override user-add -n dlavu1@sssd2012.com dlavu@sssd2012.com
SSSD needs to be restarted for the changes to take effect.
[root@test ~]# service sssd restart
####################################
[sssd]
domains = sssd2012.com
config_file_version = 2
services = nss, pam

[domain/sssd2012.com]
ad_domain = sssd2012.com
krb5_realm = SSSD2012.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
####################################
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-2355.html