Bug 1371977 - resolving IPA nested user groups is broken in 1.14
Summary: resolving IPA nested user groups is broken in 1.14
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Sumit Bose
QA Contact: Steeve Goveas
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-31 15:16 UTC by Jakub Hrozek
Modified: 2020-05-02 18:28 UTC (History)
9 users (show)

Fixed In Version: sssd-1.14.0-34.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-04 07:21:04 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 4196 0 None closed resolving IPA nested user group is broken in 1.14 2020-12-04 03:07:32 UTC
Red Hat Product Errata RHEA-2016:2476 0 normal SHIPPED_LIVE sssd bug fix and enhancement update 2016-11-03 14:08:11 UTC

Description Jakub Hrozek 2016-08-31 15:16:59 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/3163

due to using fqdns in the cache:
https://github.com/SSSD/sssd/pull/7
Comment 2 Jakub Hrozek 2016-08-31 15:37:19 UTC 
To reproduce, set up a hierarchy like this:
$ ipa group-show group20
Group name: group20
GID: 935600011
Member groups: group10, group11
Indirect Member users: user1

$ ipa group-show group10
Group name: group10
GID: 935600008
Member users: user1
Member of groups: group20

$ ipa group-show group11
Group name: group11
GID: 935600009
Member users: user1
Member of groups: group20

Before the patch, group20 isn't resolved, after the patch it is.
Comment 3 Jakub Hrozek 2016-09-01 12:03:26 UTC 
master: 5bd3bef4a655fdfacd2f5df8a2343fe7bc68a771
Comment 7 Sudhir Menon 2016-09-19 13:02:31 UTC 
id command displays all the groups.

[root@master sssd]# id user1
uid=539000012(user1) gid=539000012(user1) groups=539000012(user1),539000016(group20),539000018(group11),539000017(group10)
Comment 8 Sudhir Menon 2016-09-19 13:12:19 UTC 
Verified on RHEL7.3 using sssd-1.14.0-42.el7.x86_64

[root@master sssd]# id user1
uid=539000012(user1) gid=539000012(user1) groups=539000012(user1),539000016(group20),539000018(group11),539000017(group10)

[root@client ~]# id user1
uid=539000012(user1) gid=539000012(user1) groups=539000012(user1),539000016(group20),539000017(group10),539000018(group11)
Comment 10 errata-xmlrpc 2016-11-04 07:21:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2476.html
Note You need to log in before you can comment on or make changes to this bug.