Description of problem:
Enumerating a group doesn't return its member for some time when the member has multi-valued uid.

Version-Release number of selected component (if applicable):
sssd-1.5.1-51.el6

How reproducible:
Always

Steps to Reproduce:
1. Add a user and group as:

    dn: cn=kau23,ou=Users,dc=example,dc=com
    objectClass: account
    objectClass: posixAccount
    uidNumber: 232323
    gidNumber: 232323
    homeDirectory: /home/kau23
    userPassword:: U2VjcmV0MTIz
    uid: kau23_1
    uid: kau23
    cn: kau23

    dn: cn=kau23_grp1,ou=Groups,dc=example,dc=com
    gidNumber: 232323
    objectClass: posixGroup
    memberUid: kau23
    cn: kau23_grp1

2. Clear cache and look up the non-primary username kau23.

    #"getent -s sss passwd kau23"

3. Try to look up the group kau23_grp1.

    [ ~]# getent -s sss group kau23_grp1
    kau23_grp1:*:232323:
    [ ~]# getent -s sss group kau23_grp1
    kau23_grp1:*:232323:
    [ ~]# getent -s sss group kau23_grp1
    kau23_grp1:*:232323:kau23

Actual results:
The group lookup doesn't list the member immediately after executing command "getent -s sss passwd kau23"

Expected results:
Lookup of the group should always return:

    kau23_grp1:*:232323:kau23

Additional info:
Group lookup returns the member appropriately in first attempt:

    # getent -s sss passwd kau23
    kau23_1:*:232323:232323:kau23:/home/kau23:
    # getent -s sss group kau23_grp1
    kau23_grp1:*:232323:kau23_1

Verified in version:

    # rpm -qi sssd | head
    Name        : sssd                         Relocations: (not relocatable)
    Version     : 1.5.1                             Vendor: Red Hat, Inc.
    Release     : 55.el6                        Build Date: Thu 06 Oct 2011 08:55:50 PM IST
    Install Date: Wed 12 Oct 2011 04:55:20 PM IST      Build Host: x86-001.build.bos.redhat.com
    Group       : Applications/System           Source RPM: sssd-1.5.1-55.el6.src.rpm
    Size        : 3576801                          License: GPLv3+
    Signature   : (none)
    Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
    URL         : http://fedorahosted.org/sssd/
    Summary     : System Security Services Daemon
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: SSSD didn't store alternative names in case user/group had them.
Consequence: Members of groups weren't returned by SSSD if the 'member' attribute had different value than what was determined as primary name for that member object.
Fix: SSSD stores all user name / group name aliases in cache. When determining membership structure, it uses all aliases in case the entity has some.
Result: Membership structure is correctly determined and returned.
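
The cause and fix in the technical note above, as an added Python model that is not SSSD source code and not part of the original report. It assumes the first uid value is the primary name and the remaining values are aliases; parse_ldif, of_class, resolve_members and alias_only_refs are hypothetical names, and the LDIF is a constructed subset of the entries in the report.

```python
# Added illustration, not SSSD source. Constructed sample: subset of the report's entries.
LDIF = """\
dn: cn=kau23,ou=Users,dc=example,dc=com
objectClass: posixAccount
uid: kau23_1
uid: kau23

dn: cn=kau23_grp1,ou=Groups,dc=example,dc=com
objectClass: posixGroup
memberUid: kau23
cn: kau23_grp1
"""

def parse_ldif(text):
    """Parse simple 'attr: value' records into dicts mapping attr -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def of_class(entries, cls):
    return [e for e in entries if cls in e.get("objectClass", [])]

def resolve_members(entries, group_cn, use_aliases):
    """Map a group's memberUid values to the primary names of known users.
    Assumption: the first uid value is the primary name, the rest are aliases."""
    group = next(g for g in of_class(entries, "posixGroup") if group_cn in g["cn"])
    members = []
    for member_uid in group.get("memberUid", []):
        for user in of_class(entries, "posixAccount"):
            names = user["uid"] if use_aliases else user["uid"][:1]
            if member_uid in names:
                members.append(user["uid"][0])
    return members

def alias_only_refs(entries):
    """(group cn, memberUid) pairs that match a user only through a non-primary uid."""
    uids = [u["uid"] for u in of_class(entries, "posixAccount")]
    return [(g["cn"][0], m) for g in of_class(entries, "posixGroup")
            for m in g.get("memberUid", [])
            if any(m in u[1:] for u in uids) and not any(m == u[0] for u in uids)]

if __name__ == "__main__":
    cache = parse_ldif(LDIF)
    print(resolve_members(cache, "kau23_grp1", use_aliases=False))  # primary name only
    print(resolve_members(cache, "kau23_grp1", use_aliases=True))   # aliases checked too
    print(alias_only_refs(cache))
```

alias_only_refs can be run over a directory export to list group memberships that depend on alias matching, which is where access decisions based on group membership would differ between the affected and fixed packages.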
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,4 +1,4 @@ Cause: SSSD didn't store alternative names in case user/group had them. Consequence: Members of groups weren't returned by SSSD if the 'member' attribute had different value than what was determined as primary name for that member object. -Fix: SSSD stores all user name / group name aliases in cache. When determining membership structure, it uses all aliases in case the entity has some. +Fix: SSSD stores all user name / group name aliases in cache. When determining membership structure, SSSD checks for aliases in addition to the primary name Result: Membership structure is correctly determined and returned.
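Review bot: the added "+Fix:" line ends without a full stop ("...in addition to the primary name"), unlike the line it replaces and the other three fields, so in the rendered note it runs straight into "Result:". Suggest ending it with "...in addition to the primary name."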
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1529.html