Bug 648150 - ldap_netgroup_search_base not working
ldap_netgroup_search_base not working
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: sssd (Show other bugs)
rawhide
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Stephen Gallagher
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-10-31 05:59 EDT by Moritz Baumann
Modified: 2010-11-16 18:19 EST (History)
5 users (show)

See Also:
Fixed In Version: sssd-1.4.1-1.fc14
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-11-16 18:19:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
output of make check (115.43 KB, text/plain)
2010-11-01 05:06 EDT, Moritz Baumann
no flags Details

  None (edit)
Description Moritz Baumann 2010-10-31 05:59:58 EDT
Description of problem:

The field ldap_netgroup_search_base does not get evaluated. Instead ldap_search_base appears to be used.

from man sssd-ldap:
      ldap_netgroup_search_base (string)
           An optional base DN to restrict netgroup searches to a specific
           subtree.


Version-Release number of selected component (if applicable):

RHEL 6 beta2 with ding-libs-0.1.2-3.fc15.src.rpm, sssd-1.4.0-2.fc15.src.rpm from rawhide.


How reproducible:
   always 

Steps to Reproduce:
1. rebuild ding-libs-0.1.2-3.fc15.src.rpm, sssd-1.4.0-2.fc15.src.rpm on
system and install it (I was runnign RHEL6 beta2 refresh)
2. in /etc/sssd/sssd.conf have
   ldap_schema = rfc2307
   ldap_search_base = ou=isg,ou=inf,ou=auth,o=ethz,c=ch
   ldap_user_search_base = ou=users,ou=isg,ou=inf,ou=auth,o=ethz,c=ch
   ldap_group_search_base = ou=group,ou=inf,ou=auth,o=ethz,c=ch
   ldap_netgroup_search_base = ou=netgroup,ou=inf,ou=auth,o=ethz,c=ch
3. configure sssd.conf with the lines above (+ have a otherwise running
config)
4. in /etc/nsswitch.conf change settings to netgroup:  files sss
5. restart service sssd
6. do your netgroup query and watch how it uses ldap_search_base rather than
ldap_netgroup_search_base (getent netgroup baumanmo in my example)


Actual results:

/var/log/sssd/sssd_D.ETHZ.CH.log shows after a "getent netgroup baumanmo":


(Sun Oct 31 10:25:14 2010) [sssd[be[D.ETHZ.CH]]] [sdap_get_generic_send] (6):
calling ldap_search_ext with
[(&(cn=baumanmo)(objectclass=nisNetgroup))][ou=isg,ou=inf,ou=auth,o=ethz,c=ch].


Expected results:

/var/log/sssd/sssd_D.ETHZ.CH.log shows after a "getent netgroup baumanmo":

(Sun Oct 31 10:25:14 2010) [sssd[be[D.ETHZ.CH]]] [sdap_get_generic_send] (6):
calling ldap_search_ext with
[(&(cn=baumanmo)(objectclass=nisNetgroup))][ou=netgroup,ou=inf,ou=auth,o=ethz,c=ch].


Additional info:

I have reported this bug as a comment to https://bugzilla.redhat.com/show_bug.cgi?id=645726. 
Please feel free to to delete that remark if inappropriate there.
Comment 1 Moritz Baumann 2010-10-31 10:27:31 EDT
diff -Nur sssd-1.4.0/src/providers/ldap/sdap_async_netgroups.c sssd-1.4.0.patch/src/providers/ldap/sdap_async_netgroups.c
--- sssd-1.4.0/src/providers/ldap/sdap_async_netgroups.c        2010-10-18 20:03:45.000000000 +0200
+++ sssd-1.4.0.patch/src/providers/ldap/sdap_async_netgroups.c  2010-10-31 14:57:51.963194696 +0100
@@ -603,7 +603,7 @@
 
     subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
                                    dp_opt_get_string(state->opts->basic,
-                                                     SDAP_SEARCH_BASE),
+                                                     SDAP_NETGROUP_SEARCH_BASE),
                                    LDAP_SCOPE_SUBTREE,
                                    state->filter, state->attrs,
                                    state->opts->netgroup_map,

builds on my fedora13 (with new ding-libs) but I have no ldap here to test.

does not passes the test suite on my RHEL6 Beta2 at work.
Comment 2 Dmitri Pal 2010-10-31 23:59:54 EDT
https://fedorahosted.org/sssd/ticket/661
Comment 3 Sumit Bose 2010-11-01 04:02:36 EDT
Your patch is obviously correct. Can you explain what you mean by "does not passes the test suite on my RHEL6 Beta2 at work." Does it mean 'make check' returns an error?

Thank you for sending this patch to sssd-devel@lists.fedorahosted.org. I will change it to a git-formatted patch and add you as the author.
Comment 4 Moritz Baumann 2010-11-01 05:06:07 EDT
Created attachment 456822 [details]
output of make check
Comment 5 Moritz Baumann 2010-11-01 05:19:37 EDT
interestingly these tests run fine when I build the rpm as root, but not when running as normal user.
Comment 6 Sumit Bose 2010-11-01 05:28:23 EDT
I can see a similar output if I run the test as a normal user, but tests_sysdb/tests_conf.ldb is owned by root. Can you remove everything in test_sysdb/ and run the test as a normal user again?
Comment 7 Moritz Baumann 2010-11-01 06:52:06 EDT
I'm not sure I understand.

I downloaded the src.rpm added the patch as patch0:

added a %patch0 -p1

and did a rpmbuild --ba.

This whole thing I did once as regular user (so all files belonged to baumanmo)

and once as root, so all files belonged to root.

The rpmbuild as root works, and the tests fail as user.
Comment 8 Sumit Bose 2010-11-01 10:45:41 EDT
Can you check if your spec file uses '--with-test-dir=/dev/shm' to speed up the 'make check' run? If yes, either remove this option or remove the /dev/shm/tests_sysdb/ directory before starting a new 'rpmbuild -ba'
Comment 9 Moritz Baumann 2010-11-01 12:14:16 EDT
yes the specfile from rawide had a --with-test-dir=/dev/shm. 

Removing this lead to a fine build.

Thanks,
Moritz
Comment 10 Fedora Update System 2010-11-05 14:34:36 EDT
sssd-1.4.1-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/sssd-1.4.1-1.fc14
Comment 11 Fedora Update System 2010-11-06 19:40:55 EDT
sssd-1.4.1-1.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update sssd'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/sssd-1.4.1-1.fc14
Comment 12 Fedora Update System 2010-11-16 18:19:27 EST
sssd-1.4.1-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.