Bug 1368496 - sssd is not able to authenticate with alias
Summary: sssd is not able to authenticate with alias
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Steeve Goveas
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-19 14:50 UTC by Jakub Hrozek
Modified: 2020-05-02 18:27 UTC (History)
7 users (show)

Fixed In Version: sssd-1.14.0-34.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 07:20:41 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 4167 0 None None None 2020-05-02 18:27:02 UTC
Red Hat Product Errata RHEA-2016:2476 0 normal SHIPPED_LIVE sssd bug fix and enhancement update 2016-11-03 14:08:11 UTC

Description Jakub Hrozek 2016-08-19 14:50:40 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/3134

Create user with few aliases
{{{
dn: uid=User_CS2,ou=Users,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: extensibleObject
cn: User_CS2
uidNumber: 1111112
gidNumber: 1111112
homeDirectory: /home/User_CS2
loginShell: /bin/bash
uid: User_CS2
uid: User_CS2_Alias
}}}

Authenticate twice within ''pam_id_timeout'' timeout (5 seconds by default)
Expected result:
Both attempts should pass
Actual result:
The 2nd attempt fails
Comment 2 Lukas Slebodnik 2016-08-24 10:46:16 UTC 
master:
* 5691b2d668541585d2a8ae3ddb834f29d828036e
Comment 5 Steeve Goveas 2016-09-20 12:30:56 UTC 
Verified in version
sssd-1.14.0-42.el7

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: case_sensitive_01: case_sensitive=true lookup user, group and netgroup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [  BEGIN   ] :: Running 'id User_CS1 | grep User_CS1_grp1'
uid=1111111(User_CS1) gid=1111111(User_CS1_grp1) groups=1111111(User_CS1_grp1)
:: [   PASS   ] :: Command 'id User_CS1 | grep User_CS1_grp1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'id User_CS1_Alias | grep User_CS1_grp1'
uid=1111111(User_CS1) gid=1111111(User_CS1_grp1) groups=1111111(User_CS1_grp1)
:: [   PASS   ] :: Command 'id User_CS1_Alias | grep User_CS1_grp1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getent passwd User_CS1 | awk -F: '{print $1}' | grep User_CS1'
User_CS1
:: [   PASS   ] :: Command 'getent passwd User_CS1 | awk -F: '{print $1}' | grep User_CS1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getent passwd user_cs1'
:: [   PASS   ] :: Command 'getent passwd user_cs1' (Expected 2, got 2)
:: [  BEGIN   ] :: Running 'getent passwd User_CS1_Alias | awk -F: '{print $1}' | grep User_CS1'
User_CS1
:: [   PASS   ] :: Command 'getent passwd User_CS1_Alias | awk -F: '{print $1}' | grep User_CS1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getent passwd user_cs1_alias'
:: [   PASS   ] :: Command 'getent passwd user_cs1_alias' (Expected 2, got 2)
:: [  BEGIN   ] :: Running 'getent group User_CS1_grp1 | awk -F: '{print $1}' | grep User_CS1_grp1'
User_CS1_grp1
:: [   PASS   ] :: Command 'getent group User_CS1_grp1 | awk -F: '{print $1}' | grep User_CS1_grp1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getent group User_CS1_grp1 | awk -F: '{print $4}' | grep User_CS1'
User_CS1
:: [   PASS   ] :: Command 'getent group User_CS1_grp1 | awk -F: '{print $4}' | grep User_CS1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getent group user_cs1_grp1'
:: [   PASS   ] :: Command 'getent group user_cs1_grp1' (Expected 2, got 2)
:: [  BEGIN   ] :: Running 'getent group User_CS1_grp1_Alias | awk -F: '{print $1}' | grep User_CS1_grp1'
User_CS1_grp1
:: [   PASS   ] :: Command 'getent group User_CS1_grp1_Alias | awk -F: '{print $1}' | grep User_CS1_grp1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getent group User_CS1_grp1_Alias | awk -F: '{print $4}' | grep User_CS1'
User_CS1
:: [   PASS   ] :: Command 'getent group User_CS1_grp1_Alias | awk -F: '{print $4}' | grep User_CS1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getent group user_cs1_grp1'
:: [   PASS   ] :: Command 'getent group user_cs1_grp1' (Expected 2, got 2)
:: [  BEGIN   ] :: Running 'getent netgroup NetGroup_CS1 | awk -F: '{print $1}' | grep NetGroup_CS1'
NetGroup_CS1          (Host1.example.com,User1,example.com)
:: [   PASS   ] :: Command 'getent netgroup NetGroup_CS1 | awk -F: '{print $1}' | grep NetGroup_CS1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getent netgroup netgroup_cs1'
:: [   PASS   ] :: Command 'getent netgroup netgroup_cs1' (Expected 2, got 2)
:: [  BEGIN   ] :: Running 'getent netgroup NetGroup_CS1_Alias | awk -F: '{print $1}' | grep NetGroup_CS1'
NetGroup_CS1_Alias    (Host1.example.com,User1,example.com)
:: [   PASS   ] :: Command 'getent netgroup NetGroup_CS1_Alias | awk -F: '{print $1}' | grep NetGroup_CS1' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getent netgroup netgroup_cs1_alias'
:: [   PASS   ] :: Command 'getent netgroup netgroup_cs1_alias' (Expected 2, got 2)
:: [  BEGIN   ] :: Running 'su_success User_CS1 Secret123'
:: [   PASS   ] :: Command 'su_success User_CS1 Secret123' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'su_success User_CS1_Alias Secret123'
:: [   PASS   ] :: Command 'su_success User_CS1_Alias Secret123' (Expected 0, got 0)
'174e7b92-7e47-452e-9e52-6d6bcd25cd13'
case-sensitive-01-case-sensitive-true-lookup-user-group-and-netgroup result: PASS
Comment 7 errata-xmlrpc 2016-11-04 07:20:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2476.html
Note You need to log in before you can comment on or make changes to this bug.