Bug 738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid.
Summary: Group lookups doesn't return it's member for sometime when the member has mul...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Stephen Gallagher
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 748554 748877
TreeView+ depends on / blocked
 
Reported: 2011-09-15 12:23 UTC by Kaushik Banerjee
Modified: 2015-01-04 23:51 UTC (History)
7 users (show)

Fixed In Version: sssd-1.5.1-55.el6
Doc Type: Bug Fix
Doc Text:
Cause: SSSD didn't store alternative names in case user/group had them. Consequence: Members of groups weren't returned by SSSD if the 'member' attribute had different value than what was determined as primary name for that member object. Fix: SSSD stores all user name / group name aliases in cache. When determining membership structure, SSSD checks for aliases in addition to the primary name Result: Membership structure is correctly determined and returned.
Clone Of:
: 748877 (view as bug list)
Environment:
Last Closed: 2011-12-06 16:40:08 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1529 normal SHIPPED_LIVE sssd bug fix and enhancement update 2011-12-06 00:50:20 UTC
FedoraHosted SSSD 926 None None None Never

Description Kaushik Banerjee 2011-09-15 12:23:54 UTC
Description of problem:
Enumerating a group doesn't return it's member for sometime when the member has multi-valued uid.

Version-Release number of selected component (if applicable):
sssd-1.5.1-51.el6

How reproducible:
Always

Steps to Reproduce:
1. Add a user and group as:
dn: cn=kau23,ou=Users,dc=example,dc=com
objectClass: account
objectClass: posixAccount
uidNumber: 232323
gidNumber: 232323
homeDirectory: /home/kau23
userPassword:: U2VjcmV0MTIz
uid: kau23_1
uid: kau23
cn: kau23

dn: cn=kau23_grp1,ou=Groups,dc=example,dc=com
gidNumber: 232323
objectClass: posixGroup
memberUid: kau23
cn: kau23_grp1

2. Clear cache and Lookup the non-primary username kau23.
#"getent -s sss passwd kau23"

3. Try to lookup the group kau23_grp1.

[ ~]# getent -s sss group kau23_grp1
kau23_grp1:*:232323:
[ ~]# getent -s sss group kau23_grp1
kau23_grp1:*:232323:
[ ~]# getent -s sss group kau23_grp1
kau23_grp1:*:232323:kau23

  
Actual results:
The group lookup doesn't list the member immediately after executing command "getent -s sss passwd kau23"

Expected results:
Lookup of the group should always return:
kau23_grp1:*:232323:kau23

Additional info:

Comment 3 Kaushik Banerjee 2011-10-14 12:31:59 UTC
Group lookup returns the member appropriately in first attempt:

# getent -s sss passwd kau23
kau23_1:*:232323:232323:kau23:/home/kau23:

# getent -s sss group kau23_grp1
kau23_grp1:*:232323:kau23_1


Verified in version:
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 55.el6                        Build Date: Thu 06 Oct 2011 08:55:50 PM IST
Install Date: Wed 12 Oct 2011 04:55:20 PM IST      Build Host: x86-001.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-55.el6.src.rpm
Size        : 3576801                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon

Comment 4 Jan Zeleny 2011-10-27 13:22:54 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: SSSD didn't store alternative names in case user/group had them.
Consequence: Members of groups weren't returned by SSSD if the 'member' attribute had different value than what was determined as primary name for that member object.
Fix: SSSD stores all user name / group name aliases in cache. When determining membership structure, it uses all aliases in case the entity has some.
Result: Membership structure is correctly determined and returned.

Comment 5 Jakub Hrozek 2011-10-27 14:22:03 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,4 +1,4 @@
 Cause: SSSD didn't store alternative names in case user/group had them.
 Consequence: Members of groups weren't returned by SSSD if the 'member' attribute had different value than what was determined as primary name for that member object.
-Fix: SSSD stores all user name / group name aliases in cache. When determining membership structure, it uses all aliases in case the entity has some.
+Fix: SSSD stores all user name / group name aliases in cache. When determining membership structure, SSSD checks for aliases in addition to the primary name
 Result: Membership structure is correctly determined and returned.

Comment 6 errata-xmlrpc 2011-12-06 16:40:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1529.html


Note You need to log in before you can comment on or make changes to this bug.