Bug 683260 - sudo/ldap lookup via sssd gets stuck for 5min waiting on netgroup
Summary: sudo/ldap lookup via sssd gets stuck for 5min waiting on netgroup
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sssd
Version: 5.7
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: ---
Assignee: Stephen Gallagher
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On: 683255
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-08 22:45 UTC by Guil Barros
Modified: 2015-01-04 23:47 UTC (History)
7 users (show)

Fixed In Version: sssd-1.5.1-16.el5
Doc Type: Bug Fix
Doc Text:
Clone Of: 683255
Environment:
Last Closed: 2011-07-21 08:09:46 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0975 0 normal SHIPPED_LIVE Low: sssd security, bug fix, and enhancement update 2011-07-21 08:09:03 UTC

Description Guil Barros 2011-03-08 22:45:29 UTC 
+++ This bug was initially created as a clone of Bug #683255 +++

Created attachment 483050 [details]
sssd log file

Description of problem:
sssd seems to get stuck on certain netgroups when doing a lookup for sudo.


Version-Release number of selected component (if applicable):
sssd-1.5.1-11

How reproducible:
every time

Steps to Reproduce:
unknown
  
Actual results:
sudo takes 5min to return

Expected results:
sudo returns immediately

Additional Info:
strace snippet:
11:33:24 write(4, "%\0\0\0a\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
11:33:24 poll([{fd=4, events=POLLOUT}], 1, 300000) = 1 ([{fd=4, revents=POLLOUT}])
11:33:24 write(4, "fg_5400_prod_support\0", 21) = 21
11:33:24 poll([{fd=4, events=POLLIN}], 1, 300000) = 0 (Timeout)
11:38:24 close(4)                       = 0
11:38:24 socket(PF_FILE, SOCK_STREAM, 0) = 4
11:38:24 fcntl(4, F_GETFL)              = 0x2 (flags O_RDWR)
11:38:24 fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
11:38:24 fcntl(4, F_GETFD)              = 0
11:38:24 fcntl(4, F_SETFD, FD_CLOEXEC)  = 0
11:38:24 connect(4, {sa_family=AF_FILE, path="/var/lib/sss/pipes/nss"}, 110) = 0
Comment 1 Sumit Bose 2011-03-09 09:40:56 UTC 
Upstream ticket https://fedorahosted.org/sssd/ticket/819
Comment 3 Kaushik Banerjee 2011-05-16 15:50:08 UTC 
To reproduce this issue, put '(test)' into the description attribute of a
netgroup entry and add 'ldap_netgroup_triple = description' to sssd.conf

sssd.conf domain section:
[domain/LDAP]
debug_level = 9
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://<ldap server hostname>
ldap_search_base = dc=example,dc=com
ldap_netgroup_triple = description


"getent -s sss netgroup broken_netgroup" returns nothing on every enumeration and exits back to the shell immediately.

Verified in version:
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 34.el5                        Build Date: Tue 03 May 2011 10:46:09 PM IST
Install Date: Wed 11 May 2011 02:07:53 PM IST      Build Host: x86-004.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-34.el5.src.rpm
Size        : 3508089                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Comment 4 errata-xmlrpc 2011-07-21 08:09:46 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0975.html
Note You need to log in before you can comment on or make changes to this bug.