1884281 – Secondary LDAP group go missing from 'id' command

Bug 1884281 - Secondary LDAP group go missing from 'id' command

Summary: Secondary LDAP group go missing from 'id' command

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	8.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	Tomas Halman
QA Contact:	Steeve Goveas
Docs Contact:
URL:
Whiteboard:	sync-to-jira
Depends On:	1881992
Blocks:
TreeView+	depends on / blocked

Reported:	2020-10-01 14:28 UTC by Alexey Tikhonov
Modified:	2021-05-18 15:04 UTC (History)
CC List:	7 users (show)
Fixed In Version:	sssd-2.4.0-1.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-05-18 15:03:59 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 5261	0	None	closed	Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1	2020-12-04 16:29:19 UTC

Description Alexey Tikhonov 2020-10-01 14:28:44 UTC

This bug was initially created as a copy of Bug #1859554

I am copying this bug because: to track fix for RHEL8



Description of problem:
Secondary LDAP group go missing from 'id' command on RHEL 7.8 with sssd-1.16.2-37.el7_8.1

Version-Release number of selected component (if applicable):
sssd-1.16.2-37.el7_8.1.x86_64

How reproducible:
Always on RHEL 7.8

Steps to Reproduce:
1. Configure sssd and point it to LDAP server with 'id_provider = ldap' mode.
2. Run 'id ldapusername' command.
3. Secondary groups would go missing from 'id' output after 25-30 mins.

Actual results:
Secondary groups go missing from 'id' output after 25-30 mins.

Expected results:
Secondary groups should always be visible in 'id' output.

Additional info:
Same SSSD configuration works very well with older version of sssd on RHEL 7.7 (tested with sssd-1.16.4-21.el7.x86_64).

Comment 1 Alexey Tikhonov 2020-10-01 14:38:18 UTC

PR: https://github.com/SSSD/sssd/pull/5262

Comment 3 Alexey Tikhonov 2020-10-02 10:37:01 UTC

Pushed PR: https://github.com/SSSD/sssd/pull/5262

* `master`
    * 88631392e9172ae4fa3e411398516a2f39f0060e - intg: allow member DN to have a different case
    * 50d0d154cedb6915ab321b47c40851c40e91cf41 - ldap: use member DN to create ghost user hash table
    * fe0f1e64e8a77dadde699495c7eb368ce61ac992 - UTIL: Use sss_sanitize_dn where we deal with DN 2
    * 21b9417e14ce35a2548c309642325ac43103d51e - UTIL: Use sss_sanitize_dn where we deal with DN
    * 093061f553ab0a2c316794221e79779fb1bd40d2 - UTIL: DN sanitization

Comment 10 errata-xmlrpc 2021-05-18 15:03:59 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sssd bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1666

Note You need to log in before you can comment on or make changes to this bug.