Bug 648150 - ldap_netgroup_search_base not working
Summary: ldap_netgroup_search_base not working
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: rawhide
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2010-10-31 09:59 UTC by Moritz Baumann
Modified: 2020-05-02 16:17 UTC (History)
5 users (show)

Fixed In Version: sssd-1.4.1-1.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-11-16 23:19:37 UTC
Type: ---

Attachments (Terms of Use)
output of make check (115.43 KB, text/plain)
2010-11-01 09:06 UTC, Moritz Baumann
no flags Details

System ID Priority Status Summary Last Updated
Github SSSD sssd issues 1703 None closed Search base is incorrect for the netgroups search 2020-05-02 16:17:01 UTC

Description Moritz Baumann 2010-10-31 09:59:58 UTC
Description of problem:

The field ldap_netgroup_search_base does not get evaluated. Instead ldap_search_base appears to be used.

from man sssd-ldap:
      ldap_netgroup_search_base (string)
           An optional base DN to restrict netgroup searches to a specific

Version-Release number of selected component (if applicable):

RHEL 6 beta2 with ding-libs-0.1.2-3.fc15.src.rpm, sssd-1.4.0-2.fc15.src.rpm from rawhide.

How reproducible:

Steps to Reproduce:
1. rebuild ding-libs-0.1.2-3.fc15.src.rpm, sssd-1.4.0-2.fc15.src.rpm on
system and install it (I was runnign RHEL6 beta2 refresh)
2. in /etc/sssd/sssd.conf have
   ldap_schema = rfc2307
   ldap_search_base = ou=isg,ou=inf,ou=auth,o=ethz,c=ch
   ldap_user_search_base = ou=users,ou=isg,ou=inf,ou=auth,o=ethz,c=ch
   ldap_group_search_base = ou=group,ou=inf,ou=auth,o=ethz,c=ch
   ldap_netgroup_search_base = ou=netgroup,ou=inf,ou=auth,o=ethz,c=ch
3. configure sssd.conf with the lines above (+ have a otherwise running
4. in /etc/nsswitch.conf change settings to netgroup:  files sss
5. restart service sssd
6. do your netgroup query and watch how it uses ldap_search_base rather than
ldap_netgroup_search_base (getent netgroup baumanmo in my example)

Actual results:

/var/log/sssd/sssd_D.ETHZ.CH.log shows after a "getent netgroup baumanmo":

(Sun Oct 31 10:25:14 2010) [sssd[be[D.ETHZ.CH]]] [sdap_get_generic_send] (6):
calling ldap_search_ext with

Expected results:

/var/log/sssd/sssd_D.ETHZ.CH.log shows after a "getent netgroup baumanmo":

(Sun Oct 31 10:25:14 2010) [sssd[be[D.ETHZ.CH]]] [sdap_get_generic_send] (6):
calling ldap_search_ext with

Additional info:

I have reported this bug as a comment to https://bugzilla.redhat.com/show_bug.cgi?id=645726. 
Please feel free to to delete that remark if inappropriate there.

Comment 1 Moritz Baumann 2010-10-31 14:27:31 UTC
diff -Nur sssd-1.4.0/src/providers/ldap/sdap_async_netgroups.c sssd-1.4.0.patch/src/providers/ldap/sdap_async_netgroups.c
--- sssd-1.4.0/src/providers/ldap/sdap_async_netgroups.c        2010-10-18 20:03:45.000000000 +0200
+++ sssd-1.4.0.patch/src/providers/ldap/sdap_async_netgroups.c  2010-10-31 14:57:51.963194696 +0100
@@ -603,7 +603,7 @@
     subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
-                                                     SDAP_SEARCH_BASE),
+                                                     SDAP_NETGROUP_SEARCH_BASE),
                                    state->filter, state->attrs,

builds on my fedora13 (with new ding-libs) but I have no ldap here to test.

does not passes the test suite on my RHEL6 Beta2 at work.

Comment 2 Dmitri Pal 2010-11-01 03:59:54 UTC

Comment 3 Sumit Bose 2010-11-01 08:02:36 UTC
Your patch is obviously correct. Can you explain what you mean by "does not passes the test suite on my RHEL6 Beta2 at work." Does it mean 'make check' returns an error?

Thank you for sending this patch to sssd-devel@lists.fedorahosted.org. I will change it to a git-formatted patch and add you as the author.

Comment 4 Moritz Baumann 2010-11-01 09:06:07 UTC
Created attachment 456822 [details]
output of make check

Comment 5 Moritz Baumann 2010-11-01 09:19:37 UTC
interestingly these tests run fine when I build the rpm as root, but not when running as normal user.

Comment 6 Sumit Bose 2010-11-01 09:28:23 UTC
I can see a similar output if I run the test as a normal user, but tests_sysdb/tests_conf.ldb is owned by root. Can you remove everything in test_sysdb/ and run the test as a normal user again?

Comment 7 Moritz Baumann 2010-11-01 10:52:06 UTC
I'm not sure I understand.

I downloaded the src.rpm added the patch as patch0:

added a %patch0 -p1

and did a rpmbuild --ba.

This whole thing I did once as regular user (so all files belonged to baumanmo)

and once as root, so all files belonged to root.

The rpmbuild as root works, and the tests fail as user.

Comment 8 Sumit Bose 2010-11-01 14:45:41 UTC
Can you check if your spec file uses '--with-test-dir=/dev/shm' to speed up the 'make check' run? If yes, either remove this option or remove the /dev/shm/tests_sysdb/ directory before starting a new 'rpmbuild -ba'

Comment 9 Moritz Baumann 2010-11-01 16:14:16 UTC
yes the specfile from rawide had a --with-test-dir=/dev/shm. 

Removing this lead to a fine build.


Comment 10 Fedora Update System 2010-11-05 18:34:36 UTC
sssd-1.4.1-1.fc14 has been submitted as an update for Fedora 14.

Comment 11 Fedora Update System 2010-11-06 23:40:55 UTC
sssd-1.4.1-1.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update sssd'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/sssd-1.4.1-1.fc14

Comment 12 Fedora Update System 2010-11-16 23:19:27 UTC
sssd-1.4.1-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.