Hide Forgot
Description of problem: Attempting to perform an initgroups() lookup of a user that belongs to no groups causes SSSD to throw an error and return no results for the user. Version-Release number of selected component (if applicable): sssd-1.5.1-34.el6 How reproducible: Every time Steps to Reproduce: 1. Configure sssd using ipa-client-install to point at a FreeIPA v2 server. 2. Add a new user to the FreeIPA v2 server (e.g. newuser) 3. Remove this user from the ipausers group (to which they are added automatically) 4. Verify with 'ipa user-show newuser' that the user is not a member of any groups 5. On the client running SSSD, as root run 'su - newuser' Actual results: id: cannot find name for user ID 115200007 Expected results: No error message Additional info:
Upstream ticket https://fedorahosted.org/sssd/ticket/872
Server: # ipa user-add --first=shanks --last=r --password User login [sr]: shanks Password: Enter Password again to verify: ------------------- Added user "shanks" ------------------- User login: shanks First name: shanks Last name: r Full name: shanks r Display name: shanks r Initials: sr Home directory: /home/shanks GECOS field: shanks r Login shell: /bin/sh Kerberos principal: shanks.PNQ.REDHAT.COM UID: 63600003 GID: 63600003 Keytab: True Password: True # ipa group-remove-member ipausers --users=shanks Group name: ipausers Description: Default group for all users GID: 63600001 --------------------------- Number of members removed 1 --------------------------- # ipa user-show shanks User login: shanks First name: shanks Last name: r Home directory: /home/shanks Login shell: /bin/sh UID: 63600003 GID: 63600003 Account disabled: False Keytab: True Password: True Client: [root@ratchet ~]# su - shanks Creating home directory for shanks. -sh-4.1$ Verified. # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.5.1 Vendor: Red Hat, Inc. Release : 53.el6 Build Date: Fri 30 Sep 2011 10:10:28 AM EDT Install Date: Mon 03 Oct 2011 08:54:42 AM EDT Build Host: hs20-bc2-3.build.redhat.com Group : Applications/System Source RPM: sssd-1.5.1-53.el6.src.rpm Size : 3551489 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: the IPA provider would report an error if it did not find any group memberships for a user during the initgroups operation Consequence: The initgroups operation failed Fix: the IPA provider was fixed so that it gracefully handles users without group memberships Result: initgroups operation succeeds for users that are not members of any group
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1529.html