Description of problem:
Unable to lookup netgroups with case_sensitive=false

Version-Release number of selected component (if applicable):
sssd-1.8.0-11

How reproducible:
Always

Steps to Reproduce:
1. Add a netgroup in ldap server:
dn: cn=NetGroup4,ou=Netgroup,dc=example,dc=com
objectClass: nisNetgroup
cn: NetGroup4_Alias
cn: NetGroup4
nisNetgroupTriple: (Host1.example.com,User1,example.com)
nisNetgroupTriple: (host2.example.com,user2,Example.com)
description: All users in my organization

2. Setup sssd.conf domain section as:
[domain/LDAP]
debug_level=0xFFF0
id_provider = ldap
ldap_uri = ldap://ldapserver.example.com
ldap_search_base = dc=example,dc=com?subtree?
ldap_tls_cacert = /etc/openldap/cacerts/server.pem
case_sensitive = false

3. Lookup the netgroup.

Actual results:
"getent netgroup netgroup4" returns nothing.

Expected results:
Should be able to lookup the netgroup.

Additional info:
sssd_domain.log shows:
<snip>
(Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_get_netgroups_next_base] (0x0400): Searching for netgroups with base [dc=example,dc=com]
(Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(cn=netgroup4)(objectclass=nisNetgroup))][dc=example,dc=com].
(Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberNisNetgroup] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nisNetgroupTriple] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsUniqueId] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 3 (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_id_op_connect_done] (0x4000): caching successful connection after 1 notifies (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x17a0bb0], connected[1], ops[0x179bb90], ldap[0x179f230] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x17a0bb0], connected[1], ops[0x179bb90], ldap[0x179f230] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_parse_entry] (0x4000): OriginalDN: [cn=NetGroup4,ou=Netgroup,dc=example,dc=com]. 
(Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x17a0bb0], connected[1], ops[0x179bb90], ldap[0x179f230] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_get_netgroups_process] (0x0400): Search for netgroups, returned 1 results. (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [netgr_translate_members_send] (0x1000): Missing netgroup members. (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [netgr_translate_members_send] (0x4000): No DNs found among netgroup members. (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN [cn=NetGroup4,ou=Netgroup,dc=example,dc=com] to attributes of [NetGroup4_Alias]. (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding netgroup triple [(Host1.example.com,User1,example.com)] to attributes of [NetGroup4_Alias]. (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding netgroup triple [(host2.example.com,user2,Example.com)] to attributes of [NetGroup4_Alias]. (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_attrs_add_ldap_attr] (0x2000): original members is not available for [NetGroup4_Alias]. (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_attrs_add_ldap_attr] (0x2000): members is not available for [NetGroup4_Alias]. 
(Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sdap_save_netgroup] (0x0400): Storing info for netgroup NetGroup4_Alias (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sysdb_attrs_get_aliases] (0x2000): Domain is case-insensitive; will add lowercased aliases (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): start ldb transaction (nesting: 0) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): start ldb transaction (nesting: 1) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x1789180 (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x17892a0 (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Destroying timer event 0x17892a0 "ltdb_timeout" (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Ending timer event 0x1789180 "ltdb_callback" (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): cancel ldb transaction (nesting: 1) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sysdb_add_basic_netgroup] (0x0400): Error: 17 (File exists) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): start ldb transaction (nesting: 1) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x1790b50 (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x1790c00 (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Destroying timer event 0x1790c00 "ltdb_timeout" (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Ending timer event 0x1790b50 "ltdb_callback" (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): commit ldb transaction (nesting: 1) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): start ldb transaction (nesting: 1) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sysdb_remove_attrs] (0x2000): Removing attribute [originalMemberNisNetgroup] from [NetGroup4_Alias] (Mon Mar 5 15:29:04 2012) 
[sssd[be[LDAP]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x179ab90 (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x17892a0 (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Destroying timer event 0x17892a0 "ltdb_timeout" (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Ending timer event 0x179ab90 "ltdb_callback" (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): cancel ldb transaction (nesting: 2) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [sysdb_remove_attrs] (0x2000): Removing attribute [uniqueID] from [NetGroup4_Alias] (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): start ldb transaction (nesting: 2) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Added timed event "ltdb_callback": 0x17892a0 (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Added timed event "ltdb_timeout": 0x179ab90 (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Destroying timer event 0x179ab90 "ltdb_timeout" (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): tevent: Ending timer event 0x17892a0 "ltdb_callback" (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): cancel ldb transaction (nesting: 2) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): commit ldb transaction (nesting: 1) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [ldb] (0x4000): commit ldb transaction (nesting: 0) (Mon Mar 5 15:29:04 2012) [sssd[be[LDAP]]] [netgr_translate_members_done] (0x4000): Saving 1 Netgroups - Done </snip>
The root cause is that when fetching the data from sysdb after a cache update, we search by DN, which contains the original name, not the lowercased. We need to search by both name and nameAlias.
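The lookup mismatch described in the comment above, as an added example that is not SSSD code and not part of the original report: a simplified dict-backed cache in which the entry is stored under a DN built from its primary name, so a fetch by a DN built from the requested lowercased name misses while a search on name or nameAlias finds it. The DN layout and all function names are assumptions for illustration.

```python
# Simplified model of a name-keyed cache; NOT SSSD's sysdb implementation.
# make_dn(), store_netgroup() and both lookup helpers are hypothetical names,
# and the DN layout is an assumption chosen for illustration.

def make_dn(name, domain="LDAP"):
    return f"name={name},cn=Netgroups,cn={domain},cn=sysdb"

def store_netgroup(cache, cn_values, triples, case_sensitive):
    """Store the entry under a DN built from its primary (first) cn value."""
    primary = cn_values[0]
    aliases = set(cn_values[1:])
    if not case_sensitive:
        # Case-insensitive domain: also record lowercased forms as aliases.
        aliases |= {cn.lower() for cn in cn_values}
    aliases.discard(primary)
    cache[make_dn(primary)] = {
        "name": primary,
        "nameAlias": sorted(aliases),
        "triples": list(triples),
    }

def lookup_by_dn(cache, requested):
    """Post-update fetch by DN: only matches the exact stored primary name."""
    return cache.get(make_dn(requested))

def lookup_by_name_or_alias(cache, requested):
    """Fetch by attribute search: matches either name or any nameAlias."""
    for entry in cache.values():
        if requested == entry["name"] or requested in entry["nameAlias"]:
            return entry
    return None

def demo():
    cache = {}
    # Constructed from the report: the log shows the entry saved as
    # NetGroup4_Alias, while the client asked for "netgroup4".
    store_netgroup(
        cache,
        ["NetGroup4_Alias", "NetGroup4"],
        [("Host1.example.com", "User1", "example.com"),
         ("host2.example.com", "user2", "Example.com")],
        case_sensitive=False,
    )
    requested = "netgroup4"
    return lookup_by_dn(cache, requested), lookup_by_name_or_alias(cache, requested)

if __name__ == "__main__":
    by_dn, by_alias = demo()
    print("by DN:", by_dn)
    print("by name/alias:", by_alias["name"], by_alias["nameAlias"])
```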
Upstream ticket: https://fedorahosted.org/sssd/ticket/1228
Verified in version:
# rpm -qi sssd | head
Name : sssd Relocations: (not relocatable)
Version : 1.8.0 Vendor: Red Hat, Inc.
Release : 20.el6 Build Date: Fri 30 Mar 2012 06:45:57 PM IST
Install Date: Mon 02 Apr 2012 05:36:37 PM IST Build Host: x86-002.build.bos.redhat.com
Group : Applications/System Source RPM: sssd-1.8.0-20.el6.src.rpm
Size : 7865577 License: GPLv3+
Signature : (none)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL : http://fedorahosted.org/sssd/
Summary : System Security Services Daemon
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0747.html