Bug 820585 - Group enumeration fails in proxy provider
Summary: Group enumeration fails in proxy provider
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.3
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Stephen Gallagher
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-05-10 12:25 UTC by Kaushik Banerjee
Modified: 2020-05-02 16:53 UTC (History)
4 users (show)

Fixed In Version: sssd-1.8.0-26.el6
Doc Type: Bug Fix
Doc Text:
No documentation required
Clone Of:
Environment:
Last Closed: 2012-06-20 11:56:57 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 2371 None None None 2020-05-02 16:53:13 UTC
Red Hat Product Errata RHBA-2012:0747 normal SHIPPED_LIVE sssd bug fix and enhancement update 2012-06-19 19:31:43 UTC

Description Kaushik Banerjee 2012-05-10 12:25:43 UTC
Description of problem:
Group enumeration fails in proxy provider

Version-Release number of selected component (if applicable):
1.8.0-25

How reproducible:
Always

Steps to Reproduce:
1. Configure nss_ldap and verify if enumeration works via nss_ldap:
 
# getent -s ldap group
Group1:*:1001:puser1
Group2:*:1002:
Group3:*:999:
Group4:*:1011:
Duplicate:*:1010:
 
# getent -s ldap passwd
puser1:*:1001:1001:Posix User1:/home/puser1:/bin/bash
puser2:*:1002:1002:Posix User2:/home/puser2:/bin/bash
puser3:*:999:999:Posix User1:/home/puser3:/bin/bash
puser4:*:1011:1011:Posix User4:/home/puser4:
 

2. Configure sssd via proxy:
 
[domain/PROXY]
id_provider = proxy
auth_provider = proxy
debug_level = 0xFFF0
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
enumerate = true

 
3. Check if enumeration works via sssd:
 
# getent -s sss passwd
puser1:*:1001:1001:Posix User1:/home/puser1:/bin/bash
puser2:*:1002:1002:Posix User2:/home/puser2:/bin/bash
puser3:*:999:999:Posix User1:/home/puser3:/bin/bash
puser4:*:1011:1011:Posix User4:/home/puser4:
 
# getent -s sss group
                      <== Nothing is returned

  
Actual results:
Group enumeration fails.

Expected results:
Group enumeration should succeed.

Additional info:

Comment 1 Jakub Hrozek 2012-05-10 12:27:40 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1329

Comment 3 Stephen Gallagher 2012-05-10 18:10:07 UTC
Patch is available upstream.

Comment 6 Kaushik Banerjee 2012-05-15 10:18:36 UTC
Verified with sssd-1.8.0-27


Beaker automation run output:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: SSSD proxy-ldap test 003 >>> Get Valid LDAP Groups
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Group1:*:1001:
:: [   PASS   ] :: Running 'getent group | grep Group1'
Group2:*:1002:
:: [   PASS   ] :: Running 'getent group | grep Group2'
'98290c4f-2393-49b5-b9cb-bf57bc56fa06'
SSSD-proxy-ldap-test-003-Get-Valid-LDAP-Groups result: PASS
   metric: 0
   Log: /tmp/beakerlib-5759695/journal.txt
    Info: Searching AVC errors produced since 1337029154.3 (Mon May 14 16:59:14 2012)
     Searching logs...
     Info: No AVC messages found.

Comment 7 Stephen Gallagher 2012-06-12 12:51:35 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation required

Comment 9 errata-xmlrpc 2012-06-20 11:56:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0747.html


Note You need to log in before you can comment on or make changes to this bug.