Bug 2196816 - [RHEL9] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed'
Summary: [RHEL9] [sssd] User lookup on IPA client fails with 's2n get_fqlist request f...
Keywords:
Status: VERIFIED
Alias: None
Deadline: 2023-06-05
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: sssd
Version: 9.1
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: rc
: ---
Assignee: Sumit Bose
QA Contact: Madhuri
URL:
Whiteboard: sync-to-jira
Depends On:
Blocks: 2196839
TreeView+ depends on / blocked
 
Reported: 2023-05-10 10:18 UTC by Alexey Tikhonov
Modified: 2023-07-11 09:48 UTC (History)
3 users (show)

Fixed In Version: sssd-2.9.1-1.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2196839 (view as bug list)
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 6720 0 None open [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' 2023-05-10 10:33:29 UTC
Github SSSD sssd pull 6721 0 None open sysdb: fix string comparison when checking for overrides 2023-05-10 10:33:29 UTC
Red Hat Issue Tracker RHELPLAN-156870 0 None None None 2023-05-10 10:20:38 UTC
Red Hat Issue Tracker SSSD-6052 0 None None None 2023-05-10 10:34:02 UTC

Description Alexey Tikhonov 2023-05-10 10:18:06 UTC 
This bug was initially created as a copy of Bug #2192708

I am copying this bug because: to track fix for RHEL9



## Description of problem ##
Trusted AD user information cannot be retrieved from IPA clients if trusted user name contains upper/mixed case characters and is configured with overrides.
IDM server is able to see the user running the same pkg release.

Operation returns:
~~~
(2023-04-20 16:16:27): [be[ipa.example.com]] [ipa_s2n_get_list_next] (0x0040): [RID#2] s2n exop request failed.
(2023-04-20 16:16:27): [be[ipa.example.com]] [ipa_s2n_get_list_done] (0x0040): [RID#2] s2n get_fqlist request failed.
~~~

## Version-Release number of selected component (if applicable) ##
sssd-2.7.3-4.el8_7.3.x86_64


## How reproducible ##
Always


## Steps to Reproduce ##
1. Deploy a user in AD with uppercase/mixed chars name (e.g., Con81001)
2. Configure a override for this user in IPA (sshPublicKey)
3. Perform user lookup or authentication attempt


## Actual results ##
id: ‘con81001.com’: no such user


## Expected results ##
uid=645601103(con81001.com) gid=645601103(con81001.com) groups=645601103(con81001.com)


## Additional info ##

Request from client fails with:
~~~
(2023-04-20 16:16:27): [be[ipa.example.com]] [ipa_s2n_get_list_step] (0x0400): [RID#2] Sending request_type: [REQ_FULL_WITH_MEMBERS] for object [con81001.com].
(2023-04-20 16:16:27): [be[ipa.example.com]] [ipa_s2n_exop_send] (0x0400): [RID#2] Executing extended operation
(2023-04-20 16:16:27): [be[ipa.example.com]] [ipa_s2n_exop_send] (0x2000): [RID#2] ldap_extended_operation sent, msgid = 17
-- snip --
(2023-04-20 16:16:27): [be[ipa.example.com]] [sdap_call_op_callback] (0x20000): [RID#2] Handling LDAP operation [17][server: [172.20.90.211:389] IPA EXOP] took [207.742] milliseconds.
(2023-04-20 16:16:27): [be[ipa.example.com]] [ipa_s2n_exop_done] (0x0040): [RID#2] ldap_extended_operation result: No such object(32), (null).
(2023-04-20 16:16:27): [be[ipa.example.com]] [sdap_op_destructor] (0x2000): [RID#2] Operation 17 finished
(2023-04-20 16:16:27): [be[ipa.example.com]] [ipa_s2n_get_list_next] (0x0040): [RID#2] s2n exop request failed.
(2023-04-20 16:16:27): [be[ipa.example.com]] [ipa_s2n_get_list_done] (0x0040): [RID#2] s2n get_fqlist request failed.
(2023-04-20 16:16:27): [be[ipa.example.com]] [sdap_id_op_done] (0x4000): [RID#2] releasing operation connection
~~~
Comment 1 Alexey Tikhonov 2023-05-10 10:33:30 UTC 
Upstream PR: https://github.com/SSSD/sssd/pull/6721
Comment 4 Alexey Tikhonov 2023-05-15 12:27:09 UTC 
Pushed PR: https://github.com/SSSD/sssd/pull/6721

* `master`
    * 01d02794e02f051ea9a78cd63b30384de3e7c9b0 - sysdb: fix string comparison when checking for overrides
* `sssd-2-9`
    * d104c01f1b3198779addee8178b10b047e64deb9 - sysdb: fix string comparison when checking for overrides
Note You need to log in before you can comment on or make changes to this bug.