Description of problem: The field ldap_netgroup_search_base does not get evaluated. Instead ldap_search_base appears to be used. from man sssd-ldap: ldap_netgroup_search_base (string) An optional base DN to restrict netgroup searches to a specific subtree. Version-Release number of selected component (if applicable): RHEL 6 beta2 with ding-libs-0.1.2-3.fc15.src.rpm, sssd-1.4.0-2.fc15.src.rpm from rawhide. How reproducible: always Steps to Reproduce: 1. rebuild ding-libs-0.1.2-3.fc15.src.rpm, sssd-1.4.0-2.fc15.src.rpm on system and install it (I was runnign RHEL6 beta2 refresh) 2. in /etc/sssd/sssd.conf have ldap_schema = rfc2307 ldap_search_base = ou=isg,ou=inf,ou=auth,o=ethz,c=ch ldap_user_search_base = ou=users,ou=isg,ou=inf,ou=auth,o=ethz,c=ch ldap_group_search_base = ou=group,ou=inf,ou=auth,o=ethz,c=ch ldap_netgroup_search_base = ou=netgroup,ou=inf,ou=auth,o=ethz,c=ch 3. configure sssd.conf with the lines above (+ have a otherwise running config) 4. in /etc/nsswitch.conf change settings to netgroup: files sss 5. restart service sssd 6. do your netgroup query and watch how it uses ldap_search_base rather than ldap_netgroup_search_base (getent netgroup baumanmo in my example) Actual results: /var/log/sssd/sssd_D.ETHZ.CH.log shows after a "getent netgroup baumanmo": (Sun Oct 31 10:25:14 2010) [sssd[be[D.ETHZ.CH]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(cn=baumanmo)(objectclass=nisNetgroup))][ou=isg,ou=inf,ou=auth,o=ethz,c=ch]. Expected results: /var/log/sssd/sssd_D.ETHZ.CH.log shows after a "getent netgroup baumanmo": (Sun Oct 31 10:25:14 2010) [sssd[be[D.ETHZ.CH]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(cn=baumanmo)(objectclass=nisNetgroup))][ou=netgroup,ou=inf,ou=auth,o=ethz,c=ch]. Additional info: I have reported this bug as a comment to https://bugzilla.redhat.com/show_bug.cgi?id=645726. Please feel free to to delete that remark if inappropriate there.
diff -Nur sssd-1.4.0/src/providers/ldap/sdap_async_netgroups.c sssd-1.4.0.patch/src/providers/ldap/sdap_async_netgroups.c --- sssd-1.4.0/src/providers/ldap/sdap_async_netgroups.c 2010-10-18 20:03:45.000000000 +0200 +++ sssd-1.4.0.patch/src/providers/ldap/sdap_async_netgroups.c 2010-10-31 14:57:51.963194696 +0100 @@ -603,7 +603,7 @@ subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, dp_opt_get_string(state->opts->basic, - SDAP_SEARCH_BASE), + SDAP_NETGROUP_SEARCH_BASE), LDAP_SCOPE_SUBTREE, state->filter, state->attrs, state->opts->netgroup_map, builds on my fedora13 (with new ding-libs) but I have no ldap here to test. does not passes the test suite on my RHEL6 Beta2 at work.
https://fedorahosted.org/sssd/ticket/661
Your patch is obviously correct. Can you explain what you mean by "does not passes the test suite on my RHEL6 Beta2 at work." Does it mean 'make check' returns an error? Thank you for sending this patch to sssd-devel.org. I will change it to a git-formatted patch and add you as the author.
Created attachment 456822 [details] output of make check
interestingly these tests run fine when I build the rpm as root, but not when running as normal user.
I can see a similar output if I run the test as a normal user, but tests_sysdb/tests_conf.ldb is owned by root. Can you remove everything in test_sysdb/ and run the test as a normal user again?
I'm not sure I understand. I downloaded the src.rpm added the patch as patch0: added a %patch0 -p1 and did a rpmbuild --ba. This whole thing I did once as regular user (so all files belonged to baumanmo) and once as root, so all files belonged to root. The rpmbuild as root works, and the tests fail as user.
Can you check if your spec file uses '--with-test-dir=/dev/shm' to speed up the 'make check' run? If yes, either remove this option or remove the /dev/shm/tests_sysdb/ directory before starting a new 'rpmbuild -ba'
yes the specfile from rawide had a --with-test-dir=/dev/shm. Removing this lead to a fine build. Thanks, Moritz
sssd-1.4.1-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/sssd-1.4.1-1.fc14
sssd-1.4.1-1.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update sssd'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/sssd-1.4.1-1.fc14
sssd-1.4.1-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.