Bug 766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.1
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Target Release: ---
Assignee: Stephen Gallagher
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks: 736854
Reported: 2011-12-10 15:28 UTC by Dmitri Pal
Modified: 2020-05-02 16:18 UTC

Fixed In Version: sssd-1.8.0-2.el6.beta2
Doc Type: Enhancement
Doc Text:
No technical note required
Clone Of:
Environment:
Last Closed: 2012-06-20 11:49:27 UTC
Target Upstream Version:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | SSSD sssd issues 1835 | 0 | None | closed | [RFE] SSSD should support FreeIPA's internal netgroup representation | 2020-05-02 16:18:32 UTC
Red Hat Product Errata | RHBA-2012:0747 | 0 | normal | SHIPPED_LIVE | sssd bug fix and enhancement update | 2012-06-19 19:31:43 UTC

Description Dmitri Pal 2011-12-10 15:28:20 UTC
SSSD IPA data provider should use IPA schema rather than rely on the netgroups from the compat tree.

https://fedorahosted.org/sssd/ticket/793

Comment 1 Stephen Gallagher 2012-01-30 20:56:21 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/793

Comment 3 Scott Poore 2012-03-16 22:36:34 UTC
Verified.

Version :: ipa-server-2.2.0-4.el6.x86_64

Automated Test Results ::

There was a bug in the automated testing.  Needed a slight delay between when sssd restarted and when getent was run.  Fixed in automation testing code.  This is a manual run of fixed automation code:

[root@hp-xw6600-01 ipa-netgroup-cli]# netgroup_bz_766141

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: netgroup_bz_766141: SSSD should support FreeIPA's internal netgroup representation
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

-----------------------------------
Added netgroup "netgroup_bz_766141"
-----------------------------------
  Netgroup name: netgroup_bz_766141
  Description: netgroup_bz_766141
  NIS domain name: testrelm.com
  IPA unique ID: 41ca900e-6fb7-11e1-840a-0019bbea4c2b
:: [   PASS   ] :: Running 'ipa netgroup-add netgroup_bz_766141 --desc=netgroup_bz_766141'
  Netgroup name: netgroup_bz_766141
  Description: netgroup_bz_766141
  NIS domain name: testrelm.com
  Member User: admin
-------------------------
Number of members added 1
-------------------------
:: [   PASS   ] :: Running 'ipa netgroup-add-member netgroup_bz_766141 --users=admin'
:: [   PASS   ] :: Running 'cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.netgroup_bz_766141.backup'
:: [18:27:49] ::  Running: sed -i 's/\(\[domain.*\]\)$/\1
debug_level = 6/' /etc/sssd/sssd.conf
[domain/testrelm.com]
debug_level = 6

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = testrelm.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = hp-xw6600-01.testrelm.com
chpass_provider = ipa
ipa_server = hp-xw6600-01.testrelm.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh
config_file_version = 2

domains = testrelm.com
[nss]

[pam]

[sudo]

[autofs]

[ssh]

:: [   PASS   ] :: Running 'cat /etc/sssd/sssd.conf'
Stopping sssd: [  OK  ]
[  OK  ] sssd: [  OK  ]
:: [   PASS   ] :: Running 'service sssd restart'
:: [   PASS   ] :: Running 'sleep 5'
netgroup_bz_766141    (-, admin, testrelm.com)
:: [   PASS   ] :: Running 'getent -s sss netgroup netgroup_bz_766141'
:: [   PASS   ] :: BZ 766141 not found
:: [   PASS   ] :: Running 'mv -f /etc/sssd/sssd.conf.netgroup_bz_766141.backup /etc/sssd/sssd.conf'
:: [   PASS   ] :: Running 'chmod 0600 /etc/sssd/sssd.conf'
Stopping sssd: [  OK  ]
[  OK  ] sssd: [  OK  ]
:: [   PASS   ] :: Running 'service sssd restart'
-------------------------------------
Deleted netgroup "netgroup_bz_766141"
-------------------------------------
:: [   PASS   ] :: Running 'ipa netgroup-del netgroup_bz_766141'


Manual Test Results ::

[root@hp-xw6600-01 ipa-netgroup-cli]# ipa netgroup-add bz766141 --desc=test
-------------------------
Added netgroup "bz766141"
-------------------------
  Netgroup name: bz766141
  Description: test
  NIS domain name: testrelm.com
  IPA unique ID: 02a1ab64-6fb8-11e1-ac14-0019bbea4c2b
[root@hp-xw6600-01 ipa-netgroup-cli]# ipa netgroup-add-member bz766141 --users=admin
  Netgroup name: bz766141
  Description: test
  NIS domain name: testrelm.com
  Member User: admin
-------------------------
Number of members added 1
-------------------------

[root@hp-xw6600-01 ipa-netgroup-cli]# cp -f /etc/sssd/sssd.conf /etc/sssd/sssd.conf.backup
[root@hp-xw6600-01 ipa-netgroup-cli]# sed -i 's/\(\[domain.*\]\)$/\1\ndebug_level = 6/' /etc/sssd/sssd.conf
[root@hp-xw6600-01 ipa-netgroup-cli]# service sssd restart
Stopping sssd: [  OK  ]
[  OK  ] sssd: [  OK  ]

[root@hp-xw6600-01 ipa-netgroup-cli]# getent -s sss netgroup bz766141
bz766141              (-, admin, testrelm.com)

[root@hp-xw6600-01 ipa-netgroup-cli]# grep -i "calling ldap_search_ext with.*NisNetgroup.*compat" /var/log/sssd/sssd_testrelm.com.log 

[root@hp-xw6600-01 ipa-netgroup-cli]# grep -i cn=ng,cn=compat /var/log/sssd/sssd_testrelm.com.log
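
The two empty grep results that close Comment 3 show that no compat-tree search was logged, but an empty result looks the same when debug logging never took effect. The script below is an added example, not part of the comment or of the IPA test automation: it counts netgroup ldap_search_ext calls by search base and separates "no compat search" from "no netgroup search logged at all". The function names, the sample log lines and the cn=ng,cn=alt base in them are constructed for illustration.

```shell
#!/bin/sh
# Classify netgroup LDAP searches in an SSSD domain log (debug_level = 6).
# Assumes lines of the form: ... calling ldap_search_ext with [FILTER][BASE].
# Prints "native=N compat=M" and returns:
#   0  netgroup searches were logged and none used the compat tree
#   1  at least one netgroup search used cn=ng,cn=compat
#   2  no netgroup search was logged (no evidence either way)
check_netgroup_searches() {
    awk '
        /calling ldap_search_ext with/ {
            line = tolower($0)
            if (line !~ /nisnetgroup/) next        # not a netgroup lookup
            if (line ~ /cn=ng,cn=compat/) compat++
            else native++
        }
        END {
            printf "native=%d compat=%d\n", native, compat
            if (compat > 0) exit 1
            if (native == 0) exit 2
        }
    ' "$1"
}

# Constructed sample logs (not taken from the bug report).
write_sample_logs() {
    cat > "$1/native.log" <<'EOF'
[sdap_get_generic_step] (0x0400): calling ldap_search_ext with [(&(cn=bz766141)(objectclass=ipaNisNetgroup))][cn=ng,cn=alt,dc=testrelm,dc=com].
EOF
    cat > "$1/compat.log" <<'EOF'
[sdap_get_generic_step] (0x0400): calling ldap_search_ext with [(&(cn=bz766141)(objectclass=nisNetgroup))][cn=ng,cn=compat,dc=testrelm,dc=com].
EOF
    cat > "$1/quiet.log" <<'EOF'
[sdap_get_generic_step] (0x0400): calling ldap_search_ext with [(&(uid=admin)(objectclass=posixAccount))][cn=accounts,dc=testrelm,dc=com].
EOF
}

# Demo: run the check over each constructed log and show the verdict.
demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
for name in native compat quiet; do
    out=$(check_netgroup_searches "$demo_dir/$name.log") && rc=0 || rc=$?
    echo "$name.log: $out (rc=$rc)"
done
rm -rf "$demo_dir"
```

On a real host the argument would be the domain log, for example /var/log/sssd/sssd_testrelm.com.log as used in the comment above.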

Comment 4 Scott Poore 2012-03-16 22:38:39 UTC
Note on verification:

This included the following version of SSSD:

sssd-1.8.0-15.el6.x86_64

Comment 5 Stephen Gallagher 2012-04-10 16:50:53 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
No technical note required

Comment 7 errata-xmlrpc 2012-06-20 11:49:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0747.html

