Bug 1263587 - sss_override --name doesn't work with RFC2307 and ghost users
Summary: sss_override --name doesn't work with RFC2307 and ghost users
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Pavel Březina
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-09-16 08:58 UTC by Jakub Hrozek
Modified: 2020-05-02 18:10 UTC (History)
11 users (show)

Fixed In Version: sssd-1.13.0-29.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 11:40:33 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 3831 None None None 2020-05-02 18:10:21 UTC
Red Hat Product Errata RHSA-2015:2355 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2015-11-19 10:27:42 UTC

Description Jakub Hrozek 2015-09-16 08:58:20 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2790

I found out that we have issues when we override name in RFC2307 schema:
{{{
    jhrozek@hendrix ~ » sudo sss_cache -U                                                                                                                                                                          1 ↵
    [sudo] password for jhrozek:
    jhrozek@hendrix ~ » id user
    uid=12555(user) gid=12555(user) groups=12555(user),5801(secondary)
    jhrozek@hendrix ~ » sudo sss_cache -U
    jhrozek@hendrix ~ » sudo sss_override --help
    sudo: sss_override: command not found
    jhrozek@hendrix ~ » sudo sss_override --help                                                                                                                                                                   1 ↵
    sudo: sss_override: command not found
    jhrozek@hendrix ~ » sudo sss_override --help                                                                                                                                                                   1 ↵
    ldb: unable to dlopen /usr/lib64/ldb/modules/ldb/memberof.la : /usr/lib64/ldb/modules/ldb/memberof.la: invalid ELF header
    Usage:
    sss_override COMMAND COMMAND-ARGS
     
    Available commands:
    * user-add
    * user-del
    * user-import
    * user-export
    * group-add
    * group-del
    * group-import
    * group-export
     
    Common options:
      --debug=INT            Enable debug at level
    jhrozek@hendrix ~ » sudo sss_cache -U                                                                                                                                                                          1 ↵
    ldb: unable to dlopen /usr/lib64/ldb/modules/ldb/memberof.la : /usr/lib64/ldb/modules/ldb/memberof.la: invalid ELF header
    jhrozek@hendrix ~ » id user                    
    uid=12555(user) gid=12555(user) groups=12555(user),5801(secondary)
    jhrozek@hendrix ~ » sudo sss_override user-add --help
    ldb: unable to dlopen /usr/lib64/ldb/modules/ldb/memberof.la : /usr/lib64/ldb/modules/ldb/memberof.la: invalid ELF header
    Usage: sss_override user-add NAME [OPTIONS...]
      -n, --name=STRING      Override name
      -u, --uid=INT          Override uid (non-zero value)
      -g, --gid=INT          Override gid (non-zero value)
      -h, --home=STRING      Override home directory
      -s, --shell=STRING     Override shell
      -c, --gecos=STRING     Override gecos
     
    Help options:
      -?, --help             Show this help message
          --usage            Display brief usage message
    jhrozek@hendrix ~ » sudo sss_override user-add --name=big_boss user
    ldb: unable to dlopen /usr/lib64/ldb/modules/ldb/memberof.la : /usr/lib64/ldb/modules/ldb/memberof.la: invalid ELF header
    SSSD needs to be restarted for the changes to take effect.
    jhrozek@hendrix ~ » sudo systemctl restart sssd
    Warning: sssd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
    jhrozek@hendrix ~ » sudo sss_cache -U                            
    ldb: unable to dlopen /usr/lib64/ldb/modules/ldb/memberof.la : /usr/lib64/ldb/modules/ldb/memberof.la: invalid ELF header
    jhrozek@hendrix ~ » id user                                        
    uid=12555(big_boss) gid=12555(user) groups=12555(user),5801
    jhrozek@hendrix ~ » id big_boss
    uid=12555(big_boss) gid=12555(user) groups=12555(user),5801
    jhrozek@hendrix ~ »
}}}

The secondary group doesn't resolve anymore.

Comment 1 Jakub Hrozek 2015-09-18 11:30:41 UTC
Fixed upstream:
    * 87e0dcaff945f8b8f30030309e16ba26935fcb7b
    * d5e26a3ec3fa1f217f0afd045a03b29d4f88fe1d
    * 9571c9ba5ee7f8aad24e9dec6c44ce21688fa044

Comment 3 Amith 2015-10-01 09:23:54 UTC
Verified the bug on SSSD Version: sssd-1.13.0-36.el7.x86_64

Steps followed during verification:

1. Create a rfc2307 user with a primary and secondary group.

2. Run the following commands and look for possible errors:

# id rfcUser
uid=2307(rfcUser) gid=2307(rfcGrp) groups=2307(rfcGrp),2308(secGrp)

# sss_override user-add --help
Usage: sss_override user-add NAME [OPTIONS...]
  -n, --name=STRING      Override name
  -u, --uid=INT          Override uid (non-zero value)
  -g, --gid=INT          Override gid (non-zero value)
  -h, --home=STRING      Override home directory
  -s, --shell=STRING     Override shell
  -c, --gecos=STRING     Override gecos

Help options:
  -?, --help             Show this help message
  --usage                Display brief usage message


# sss_override user-add rfcUser --name=big_boss
SSSD needs to be restarted for the changes to take effect.

# systemctl restart sssd

# sss_cache -U

3. Verify whether secondary group gets resolved OR not.

# id rfcUser
uid=2307(big_boss) gid=2307(rfcGrp) groups=2307(rfcGrp),2308(secGrp)

# id big_boss
uid=2307(big_boss) gid=2307(rfcGrp) groups=2307(rfcGrp),2308(secGrp)

# sss_override user-del rfcUser

# id rfcUser
uid=2307(big_boss) gid=2307(rfcGrp) groups=2307(rfcGrp),2308(secGrp)

# systemctl restart sssd

# id rfcUser
uid=2307(rfcUser) gid=2307(rfcGrp) groups=2307(rfcGrp),2308(secGrp)

# id big_boss
id: big_boss: no such user

Result: With the latest build, secondary group gets resolved and bug is fixed.

Comment 4 errata-xmlrpc 2015-11-19 11:40:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html


Note You need to log in before you can comment on or make changes to this bug.