Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1320208

Summary: id does not list all groups after upgrade sssd-1.12.4-47 to sssd-1.13.3-22
Product: Red Hat Enterprise Linux 7 Reporter: Steeve Goveas <sgoveas>
Component: sssdAssignee: Petr Čech <pcech>
Status: CLOSED NOTABUG QA Contact: Steeve Goveas <sgoveas>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: grajaiya, jhrozek, lslebodn, mkosek, mzidek, pbrezina, pcech, sbose, sgoveas
Target Milestone: rc   
Target Release: 7.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-09 20:01:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
sssd logs none

Description Steeve Goveas 2016-03-22 14:53:59 UTC 
Description of problem:
id user command does not list all groups after upgrade from sssd-1.12.4-47.el6.x86_64 to sssd-1.13.3-22.el6.x86_64

Version-Release number of selected component (if applicable):
sssd-1.13.3-22.el6.x86_64

How reproducible:
always

Actual results:
:: [  BEGIN   ] :: bis_group_group_user2 :: actually running 'strict eval 'verify_output getent group bis_group_group_user2''
:: [   PASS   ] :: bis_group_group_user2 (Expected 0, got 0)
:: [  BEGIN   ] :: bis_broken_user2 :: actually running 'strict eval 'verify_output id bis_broken_user2''
Unexpected output of id bis_broken_user2:
uid=50002(bis_broken_user2) gid=60002(bis_broken_group_user2) groups=60002(bis_broken_group_user2)
expecting:
uid=50002(bis_broken_user2) gid=60002(bis_broken_group_user2) groups=60002(bis_broken_group_user2),60001(bis_broken_group_user1)
:: [   FAIL   ] :: bis_broken_user2 (Expected 0, got 1)
:: [  BEGIN   ] :: Running 'strict eval 'id localuser1 | grep localgroup1''
uid=1011(localuser1) gid=1011(localuser1) groups=1011(localuser1),1010(localgroup1)
:: [   PASS   ] :: Command 'strict eval 'id localuser1 | grep localgroup1'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'strict eval 'su_success localuser1 Local_123''
:: [   PASS   ] :: Command 'strict eval 'su_success localuser1 Local_123'' (Expected 0, got 0)

Expected results:
[root@vm-idm-003 ~]# id bis_broken_user2
uid=50002(bis_broken_user2) gid=60002(bis_broken_group_user2) groups=60002(bis_broken_group_user2),60001(bis_broken_group_user1)

Additional info:
purging the logs resolves the issue, but only a sssd restart does not resolve the issue

[root@vm-idm-007 ~]# date
Tue Mar 22 17:15:05 IST 2016
[root@vm-idm-007 ~]# id bis_broken_user2
uid=50002(bis_broken_user2) gid=60002(bis_broken_group_user2) groups=60002(bis_broken_group_user2)
[root@vm-idm-007 ~]# service sssd restart
Stopping sssd: [  OK  ]
Starting sssd: [  OK  ]
[root@vm-idm-007 ~]# id bis_broken_user2
uid=50002(bis_broken_user2) gid=60002(bis_broken_group_user2) groups=60002(bis_broken_group_user2)
[root@vm-idm-007 ~]# date
Tue Mar 22 17:15:32 IST 2016
Comment 1 Steeve Goveas 2016-03-22 14:56:52 UTC 
(In reply to Steeve Goveas from comment #0)

Additional info:
purging the cache resolves the issue, a sssd restart without purging does not resolve the issue
 
> [root@vm-idm-007 ~]# date
> Tue Mar 22 17:15:05 IST 2016
> [root@vm-idm-007 ~]# id bis_broken_user2
> uid=50002(bis_broken_user2) gid=60002(bis_broken_group_user2)
> groups=60002(bis_broken_group_user2)
> [root@vm-idm-007 ~]# service sssd restart
> Stopping sssd: [  OK  ]
> Starting sssd: [  OK  ]
> [root@vm-idm-007 ~]# id bis_broken_user2
> uid=50002(bis_broken_user2) gid=60002(bis_broken_group_user2)
> groups=60002(bis_broken_group_user2)
> [root@vm-idm-007 ~]# date
> Tue Mar 22 17:15:32 IST 2016
Comment 4 Jakub Hrozek 2016-03-22 19:21:31 UTC 
This bug report has no details to work with. Please follow https://fedorahosted.org/sssd/wiki/Reporting_sssd_bugs to see what information we generally need to fix a bug.

Thank you for reporting the bug nonetheless!
Comment 6 Steeve Goveas 2016-03-23 07:33:25 UTC 
Created attachment 1139364 [details]
sssd logs
Comment 8 Lukas Slebodnik 2016-03-23 21:02:13 UTC 
The most suspicious thing is that invalidation of sssd cache does not help.
There are more more domains defined: rfc2307, rfc2307bis, rfc2307bis_broken, proxy, LOCAL

and only problematic is "rfc2307bis_broken". I do not know how it is broken.

But I can see the same bug in following upgrades
rhel6.7 -> rhel6.8
rhel6.6 -> rhel6.8
rhel6.5 -> rhel6.8

rhel6.6 -> rhel6.7
rhel6.8 -> sssd upstrem master.
Comment 10 Sumit Bose 2016-03-24 14:12:15 UTC 
Please try to collect the sssd_nss logs as well. It looks like after the upgrade the fc2307bis_broken backend does not receive any requests for object from its domain. Maybe there is a collision with one of the other backends?
Comment 11 Jakub Hrozek 2016-03-28 18:46:28 UTC 
Not a regression -> removing the Regression keyword.
Comment 12 Jakub Hrozek 2016-03-30 14:52:03 UTC 
Since this issue is not affecting a real deployment and there is an easy workaround, I'm moving this bug to RHEL-7 and reproposing to 7.3
Comment 13 Jakub Hrozek 2016-03-30 14:52:50 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2979
Comment 15 Jakub Hrozek 2016-11-14 11:09:41 UTC 
Petr did some work in this area and fixed a number of bugs. Petr, I wonder if you have time to re-test this bug? (Not totally urgent, but please add this to your todo list..)
Comment 16 Lukas Slebodnik 2016-11-25 08:57:55 UTC 
Needinfo flag was removed without providing any info.
Setting it back.