Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 802718 - Unable to lookup user aliases with proxy provider.
Unable to lookup user aliases with proxy provider.
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
6.3
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-13 06:45 EDT by Kaushik Banerjee
Modified: 2013-02-21 04:21 EST (History)
3 users (show)

See Also:
Fixed In Version: sssd-1.9.1-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: The proxy domain type of SSSD allowed only looking up a user by its "primary name" in LDAP Consequence: If the SSSD was configured with a "proxy domain" and the LDAP entry contained more name attributes, only the primary one could be used for lookups Fix: The proxy provider was enhanced to handle also aliases in addition to primary user names. Result: The administrator can look up a user by any of his names when using the proxy provider.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 04:21:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0508 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 16:30:10 EST

  None (edit)
Description Kaushik Banerjee 2012-03-13 06:45:51 EDT
Description of problem:
Unable to lookup user aliases with proxy provider.

Version-Release number of selected component (if applicable):
sssd-1.8.0-15

How reproducible:
Always

Steps to Reproduce:
1. Add a user in ldap server as:
dn: uid=User_CS1,ou=Users,dc=example,dc=com
uidNumber: 1111111
gidNumber: 1111111
objectClass: posixAccount
objectClass: account
cn: User_CS1
homeDirectory: /home/user_cs1
userPassword: Secret123
uid: User_CS1_Alias

2. Configure proxy provider domain in sssd as follows:

[domain/PROXY]
debug_level=0xFFF0
id_provider = proxy
case_sensitive = true
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap

3. Lookup user & alias via nss_ldap:

# getent -s ldap passwd User_CS1_Alias
User_CS1_Alias:Secret123:1111111:1111111:User_CS1:/home/user_cs1:
# getent -s ldap passwd User_CS1
User_CS1:Secret123:1111111:1111111:User_CS1:/home/user_cs1:

4. Lookup user & alias via nss_sss:

# getent -s sss passwd User_CS1_Alias
User_CS1_Alias:*:1111111:1111111:User_CS1:/home/user_cs1:
# getent -s sss passwd User_CS1    <== Doesn't return anything.
  
Actual results:
Unable to lookup user aliases.

sssd_PROXY.log shows:
(Tue Mar 13 14:04:01 2012) [sssd[be[PROXY]]] [sysdb_add_user] (0x0400): Error: 17 (File exists)
(Tue Mar 13 14:04:01 2012) [sssd[be[PROXY]]] [ldb] (0x4000): cancel ldb transaction (nesting: 1)
(Tue Mar 13 14:04:01 2012) [sssd[be[PROXY]]] [ldb] (0x4000): cancel ldb transaction (nesting: 0)
(Tue Mar 13 14:04:01 2012) [sssd[be[PROXY]]] [sysdb_store_user] (0x0400): Error: 17 (File exists)
(Tue Mar 13 14:04:01 2012) [sssd[be[PROXY]]] [save_user] (0x0040): Could not add user to cache
(Tue Mar 13 14:04:01 2012) [sssd[be[PROXY]]] [get_pw_name] (0x0040): proxy -> getpwnam_r failed for 'User_CS1' <1>
(Tue Mar 13 14:04:01 2012) [sssd[be[PROXY]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,17,Internal Error (Failure setting user credentials)

Expected results:
Should be able to lookup user aliases.

Additional info:
Comment 2 Jakub Hrozek 2012-03-13 07:18:30 EDT
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1249
Comment 5 Kaushik Banerjee 2013-01-15 10:12:49 EST
Verified in version 1.9.2-68

Output from beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: case_sensitive21: proxy provider: case_sensitive=true lookup user, group and netgroup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Stopping sssd: [  OK  ]
Starting sssd: [  OK  ]
[  OK  ]
:: [09:41:29] ::  Sleeping for 5 seconds
uid=1111111(User_CS1_Alias) gid=1111111(User_CS1_grp1_Alias) groups=1111111(User_CS1_grp1_Alias)
:: [   PASS   ] :: Running 'id User_CS1 | grep User_CS1_grp1'
uid=1111111(User_CS1_Alias) gid=1111111(User_CS1_grp1_Alias) groups=1111111(User_CS1_grp1_Alias)
:: [   PASS   ] :: Running 'id User_CS1_Alias | grep User_CS1_grp1'
User_CS1_Alias
:: [   PASS   ] :: Running 'getent passwd User_CS1 | awk -F: '{print $1}' | grep User_CS1'
User_CS1_Alias
:: [   PASS   ] :: Running 'getent passwd User_CS1_Alias | awk -F: '{print $1}' | grep User_CS1'
User_CS1_grp1_Alias
:: [   PASS   ] :: Running 'getent group User_CS1_grp1 | awk -F: '{print $1}' | grep User_CS1_grp1'
User_CS1
:: [   PASS   ] :: Running 'getent group User_CS1_grp1 | awk -F: '{print $4}' | grep User_CS1'
User_CS1_grp1_Alias
:: [   PASS   ] :: Running 'getent group User_CS1_grp1_Alias | awk -F: '{print $1}' | grep User_CS1_grp1'
User_CS1
:: [   PASS   ] :: Running 'getent group User_CS1_grp1_Alias | awk -F: '{print $4}' | grep User_CS1'
Comment 6 errata-xmlrpc 2013-02-21 04:21:50 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html

Note You need to log in before you can comment on or make changes to this bug.