Hide Forgot
Description of problem: Members are not returned while looking up groups with proxy provider. Version-Release number of selected component (if applicable): sssd-1.8.0-11 How reproducible: Always Steps to Reproduce: 1. Add the following user and group in ldap: dn: uid=Kau7,ou=Users,dc=example,dc=com objectClass: account objectClass: posixAccount cn: Kau7 uidNumber: 7777 gidNumber: 7777 homeDirectory: /home/kau7 userPassword:: U2VjcmV0MTIz uid: Kau7_Alias uid: Kau7 dn: cn=Kau7_grp1,ou=Groups,dc=example,dc=com gidNumber: 7777 objectClass: posixGroup memberUid: kau7 cn: Kau7_grp1_Alias cn: Kau7_grp1 2. Configure sssd with following in domain section: [domain/PROXY] debug_level=0xFFF0 id_provider = proxy auth_provider = proxy proxy_lib_name = ldap proxy_pam_target = sssdproxyldap 3. Verify if nss_ldap is configured properly. Try to lookup the group directly from nss_ldap. # getent -s ldap group Kau7_grp1 Kau7_grp1:*:7777:kau7 4. Now lookup the group using nss_sss. # getent -s sss group Kau7_grp1 Kau7_grp1:*:7777: Actual results: Member is not returned for the group. Expected results: Member should be returned for the group. Additional info: 1. sssd_domain.log shows: (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo] (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [be_get_account_info] (0x0100): Got request for [4098][1][name=Kau7_grp1] (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [get_gr_name] (0x1000): Searching group by name (Kau7_grp1) (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [get_gr_name] (0x1000): Group Kau7_grp1 found: (Kau7_grp1, 7777) (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [save_group] (0x1000): Group Kau7_grp1 has 1 members! (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [sysdb_attrs_users_from_str_list] (0x4000): Adding 1 members to existing 0 ones (Thu Mar 8 13:29:33 2012) [sssd[be[PROXY]]] [sysdb_attrs_users_from_str_list] (0x1000): member #0: [name=kau7,cn=users,cn=PROXY,cn=sysdb] 2. Also "id Kau7" gives appropriate output "uid=7777(Kau7) gid=7777(Kau7_grp1) groups=7777(Kau7_grp1)", but gives the following error in the logs: (Thu Mar 8 13:30:46 2012) [sssd[be[PROXY]]] [get_initgr_groups_process] (0x0040): proxy -> initgroups_dyn failed (29894464)[Unknown error 29894464] (Thu Mar 8 13:30:46 2012) [sssd[be[PROXY]]] [ldb] (0x4000): cancel ldb transaction (nesting: 0) (Thu Mar 8 13:30:46 2012) [sssd[be[PROXY]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,5,Internal Error (Memory buffer error)
Upstream ticket: https://fedorahosted.org/sssd/ticket/1241
Verified in version: # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.8.0 Vendor: Red Hat, Inc. Release : 20.el6 Build Date: Fri 30 Mar 2012 06:45:57 PM IST Install Date: Mon 02 Apr 2012 05:36:37 PM IST Build Host: x86-002.build.bos.redhat.com Group : Applications/System Source RPM: sssd-1.8.0-20.el6.src.rpm Size : 7865577 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0747.html