+++ This bug was initially created as a clone of Bug #690866 +++ Description of problem: We are not properly handling the case where a group might have a memberuid attribute with no name (zero-length string). This causes a failure in the code that does not properly clean up after itself, resulting in SSSD holding open a transaction to the ldb, making it unable to cache new lookups properly (as data is only saved when all nested transactions are marked complete). Version-Release number of selected component (if applicable): sssd-1.5.1-20.el6 How reproducible: Every time Steps to Reproduce: 1. Create an LDAP group in RFC2307 with a memberuid attribute of zero length 2. Purge the cache and restart SSSD 3. run 'getent group <groupname>' 4. run 'getent passwd <valid user>' Actual results: Neither command returns results Expected results: The group request should ignore the empty name and return successfully. The user request should return the user properly. Additional info:
Verified in version: # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.5.1 Vendor: Red Hat, Inc. Release : 34.el5 Build Date: Tue 03 May 2011 10:46:09 PM IST Install Date: Wed 11 May 2011 02:07:53 PM IST Build Host: x86-004.build.bos.redhat.com Group : Applications/System Source RPM: sssd-1.5.1-34.el5.src.rpm Size : 3508089 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon Steps to test: 1. User and group added as: dn: cn=user3,ou=Engineering,dc=example,dc=com objectClass: account objectClass: posixAccount cn: user3 uid: user3 uidNumber: 5002 gidNumber: 5002 homeDirectory: /home/user3 loginShell: /bin/bash userPassword:: e1NTSEF9NEFrSjNLa3I5bE5McmxaUWlmRU5acEIzQi9SM0dxTlM= dn: cn=user3,ou=Groups,dc=example,dc=com gidNumber: 5002 objectClass: posixGroup cn: user3 memberUid: 2. Enumerate the user and group: # getent -s sss passwd user3 user3:*:5002:5002:user3:/home/user3:/bin/bash # getent -s sss group user3 user3:*:5002: # id user3 uid=5002(user3) gid=5002(user3) groups=5002(user3) context=root:system_r:unconfined_t:SystemLow-SystemHigh # id -G user3 5002
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0975.html