Red Hat Bugzilla – Bug 689886
group memberships are not populated correctly during IPA provider initgroups
Last modified: 2015-01-04 18:47:21 EST
Description of problem:
when performing initgroups in the IPA provider, only the user we are performing initgroups for is stored in cache.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
0. start with clear cache
1. log in as user who is a member of a group that contains at least one other user
2. run id to get the list of the groups
3. getent passwd <group> only shows the user you are logged in as
getent group does not show all users
all users are reported
The root cause is storing the group as not expired even when not all the members are present in the cache. Next time getgrnam/getgrgid is called, the group is not refreshed with the other members and just returned.
Upstream ticket - https://fedorahosted.org/sssd/ticket/822
sgallagh stopped by...and i realized i hadn't started with step 0 - clean cache. With a clean cache, verified successfully that the group listed all its users
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.