+++ This bug was initially created as a clone of Bug #683255 +++ Created attachment 483050 [details] sssd log file Description of problem: sssd seems to get stuck on certain netgroups when doing a lookup for sudo. Version-Release number of selected component (if applicable): sssd-1.5.1-11 How reproducible: every time Steps to Reproduce: unknown Actual results: sudo takes 5min to return Expected results: sudo returns immediately Additional Info: strace snippet: 11:33:24 write(4, "%\0\0\0a\0\0\0\0\0\0\0\0\0\0\0", 16) = 16 11:33:24 poll([{fd=4, events=POLLOUT}], 1, 300000) = 1 ([{fd=4, revents=POLLOUT}]) 11:33:24 write(4, "fg_5400_prod_support\0", 21) = 21 11:33:24 poll([{fd=4, events=POLLIN}], 1, 300000) = 0 (Timeout) 11:38:24 close(4) = 0 11:38:24 socket(PF_FILE, SOCK_STREAM, 0) = 4 11:38:24 fcntl(4, F_GETFL) = 0x2 (flags O_RDWR) 11:38:24 fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 11:38:24 fcntl(4, F_GETFD) = 0 11:38:24 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 11:38:24 connect(4, {sa_family=AF_FILE, path="/var/lib/sss/pipes/nss"}, 110) = 0
Upstream ticket https://fedorahosted.org/sssd/ticket/819
To reproduce this issue, put '(test)' into the description attribute of a netgroup entry and add 'ldap_netgroup_triple = description' to sssd.conf sssd.conf domain section: [domain/LDAP] debug_level = 9 id_provider = ldap auth_provider = ldap ldap_uri = ldap://<ldap server hostname> ldap_search_base = dc=example,dc=com ldap_netgroup_triple = description "getent -s sss netgroup broken_netgroup" returns nothing on every enumeration and exits back to the shell immediately. Verified in version: # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.5.1 Vendor: Red Hat, Inc. Release : 34.el5 Build Date: Tue 03 May 2011 10:46:09 PM IST Install Date: Wed 11 May 2011 02:07:53 PM IST Build Host: x86-004.build.bos.redhat.com Group : Applications/System Source RPM: sssd-1.5.1-34.el5.src.rpm Size : 3508089 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0975.html