Bug 801368 - Group lookups doesn't return members with proxy provider configured.
Group lookups doesn't return members with proxy provider configured.
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
Unspecified Unspecified
urgent Severity urgent
: rc
: ---
Assigned To: Stephen Gallagher
: Regression
Depends On:
  Show dependency treegraph
Reported: 2012-03-08 06:32 EST by Kaushik Banerjee
Modified: 2012-06-20 07:55 EDT (History)
4 users (show)

See Also:
Fixed In Version: sssd-1.8.0-12.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed
Story Points: ---
Clone Of:
Last Closed: 2012-06-20 07:55:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Kaushik Banerjee 2012-03-08 06:32:29 EST
Description of problem:
Members are not returned while looking up groups with proxy provider.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Add the following user and group in ldap:
dn: uid=Kau7,ou=Users,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: Kau7
uidNumber: 7777
gidNumber: 7777
homeDirectory: /home/kau7
userPassword:: U2VjcmV0MTIz
uid: Kau7_Alias
uid: Kau7

dn: cn=Kau7_grp1,ou=Groups,dc=example,dc=com
gidNumber: 7777
objectClass: posixGroup
memberUid: kau7
cn: Kau7_grp1_Alias
cn: Kau7_grp1

2. Configure sssd with following in domain section:
id_provider = proxy
auth_provider = proxy
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap

3. Verify if nss_ldap is configured properly. Try to lookup the group directly from nss_ldap.
# getent -s ldap group Kau7_grp1

4. Now lookup the group using nss_sss.
# getent -s sss group Kau7_grp1

Actual results:
Member is not returned for the group.

Expected results:
Member should be returned for the group.

Additional info:
1. sssd_domain.log shows:
(Thu Mar  8 13:29:33 2012) [sssd[be[PROXY]]] [sbus_message_handler] (0x4000): Received SBUS method [getAccountInfo]
(Thu Mar  8 13:29:33 2012) [sssd[be[PROXY]]] [be_get_account_info] (0x0100): Got request for [4098][1][name=Kau7_grp1]
(Thu Mar  8 13:29:33 2012) [sssd[be[PROXY]]] [get_gr_name] (0x1000): Searching group by name (Kau7_grp1)
(Thu Mar  8 13:29:33 2012) [sssd[be[PROXY]]] [get_gr_name] (0x1000): Group Kau7_grp1 found: (Kau7_grp1, 7777)
(Thu Mar  8 13:29:33 2012) [sssd[be[PROXY]]] [save_group] (0x1000): Group Kau7_grp1 has 1 members!
(Thu Mar  8 13:29:33 2012) [sssd[be[PROXY]]] [sysdb_attrs_users_from_str_list] (0x4000): Adding 1 members to existing 0 ones
(Thu Mar  8 13:29:33 2012) [sssd[be[PROXY]]] [sysdb_attrs_users_from_str_list] (0x1000):     member #0: [name=kau7,cn=users,cn=PROXY,cn=sysdb]

2. Also "id Kau7" gives appropriate output "uid=7777(Kau7) gid=7777(Kau7_grp1) groups=7777(Kau7_grp1)", but gives the following error in the logs:

(Thu Mar  8 13:30:46 2012) [sssd[be[PROXY]]] [get_initgr_groups_process] (0x0040): proxy -> initgroups_dyn failed (29894464)[Unknown error 29894464]
(Thu Mar  8 13:30:46 2012) [sssd[be[PROXY]]] [ldb] (0x4000): cancel ldb transaction (nesting: 0)
(Thu Mar  8 13:30:46 2012) [sssd[be[PROXY]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,5,Internal Error (Memory buffer error)
Comment 2 Stephen Gallagher 2012-03-08 07:32:36 EST
Upstream ticket:
Comment 7 Kaushik Banerjee 2012-04-02 15:49:28 EDT
Verified in version:

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.8.0                             Vendor: Red Hat, Inc.
Release     : 20.el6                        Build Date: Fri 30 Mar 2012 06:45:57 PM IST
Install Date: Mon 02 Apr 2012 05:36:37 PM IST      Build Host: x86-002.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.8.0-20.el6.src.rpm
Size        : 7865577                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Comment 8 Jakub Hrozek 2012-04-03 14:30:01 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    New Contents:
No documentation needed
Comment 10 errata-xmlrpc 2012-06-20 07:55:41 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.