Bug 820979 - sssd does not provide maps for automounter when custom schema is being used
Summary: sssd does not provide maps for automounter when custom schema is being used
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: 17
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 822404
Reported: 2012-05-11 13:24 UTC by Ondrej Valousek
Modified: 2020-05-02 16:53 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 822404
Last Closed: 2012-06-15 00:34:51 UTC
Type: Bug


System ID Priority Status Summary Last Updated
Github SSSD sssd issues 2380 None None None 2020-05-02 16:53:29 UTC

Description Ondrej Valousek 2012-05-11 13:24:36 UTC
Description of problem:
sssd does not provide maps for automounter when AD schema (RFC2307) is being used.
My config:

[root@dorado3 ~]# ldbsearch -H /var/lib/sss/db/config.ldb
server_sort:Unable to register control with rootdse!
# record 1
dn: cn=default,cn=domain,cn=config
auth_provider: krb5
autofs_provider: ldap
cache_credentials: True
chpass_provider: krb5
cn: default
debug_level: 17
dns_discovery_domain: Prague._sites.dublin.ad.s3group.com
id_provider: ldap
krb5_canonicalize: False
krb5_renew_interval: 3600
krb5_renewable_lifetime: 30d
ldap_autofs_entry_key: cn
ldap_autofs_entry_object_class: nisObject
ldap_autofs_entry_value: nisMapEntry
ldap_autofs_map_name: nisMapName
ldap_autofs_map_object_class: nisMap
ldap_autofs_search_base: CN=prague,CN=NIS,DC=dublin,DC=ad,DC=s3group,DC=com
ldap_group_object_class: group
ldap_id_use_start_tls: False
ldap_sasl_authid: DORADO3$@DUBLIN.AD.S3GROUP.COM
ldap_sasl_mech: GSSAPI
ldap_schema: rfc2307bis
ldap_search_base: dc=dublin,dc=ad,dc=s3group,dc=com
ldap_tls_cacertdir: /etc/openldap/cacerts
ldap_user_home_directory: unixHomeDirectory
ldap_user_object_class: user
distinguishedName: cn=default,cn=domain,cn=config

# record 2
dn: cn=sssd,cn=config
cn: sssd
config_file_version: 2
debug_level: 17
domains: default
services: nss, pam, autofs
distinguishedName: cn=sssd,cn=config

# record 3
dn: cn=config
version: 2
lastUpdate: 1336729570
distinguishedName: cn=config

# record 4
dn: cn=nss,cn=config
cn: nss
distinguishedName: cn=nss,cn=config

# record 5
dn: cn=example.com,cn=domain,cn=config
access_provider: ipa
auth_provider: ipa
cache_credentials: True
chpass_provider: ipa
cn: example.com
id_provider: ipa
ipa_domain: example.com
ipa_server: _srv_, polaris.example.com
distinguishedName: cn=example.com,cn=domain,cn=config

# record 6
dn: cn=autofs,cn=config
cn: autofs
debug_level: 10
distinguishedName: cn=autofs,cn=config

# record 7
dn: cn=pam,cn=config
cn: pam
distinguishedName: cn=pam,cn=config

# returned 7 records
# 7 entries
# 0 referrals

The sssd_default.log shows that maps were found successfully, but no maps are located in sssd cache as per:

ldbsearch -H /var/lib/sss/db/cache_default.ldb '(|(objectclass=nisMap)(objectclass=nisObject))'

Version-Release number of selected component (if applicable):
[root@dorado3 ~]# rpm -qa | grep sss

How reproducible:

Steps to Reproduce:
1. configure automounter to get maps from sss
2. try 'automount -m'
Actual results:
Maps should be visible in the output

Expected results:
no maps are seen

Additional info:

Comment 1 Stephen Gallagher 2012-05-14 12:51:23 UTC
Upstream ticket:

Comment 2 Jakub Hrozek 2012-05-15 14:18:24 UTC
(In reply to comment #0)
> ldbsearch -H /var/lib/sss/db/cache_default.ldb
> '(|(objectclass=nisMap)(objectclass=nisObject))'

This search wouldn't return anything, because even if you override the default attributes in the SSSD config file, the SSSD internally translates them into hardcoded cache attributes.

What you want to run is:
# ldbsearch -H /var/lib/sss/db/cache_ipaldap.ldb '(|(objectclass=automount)(objectclass=automountMap))'

Also, can you include a more complete log (than the one sent privately)? In the domain log, I'm interested in everything between "be_autofs_handler" until "be_autofs_handler_callback".

That should tell us whether the back end saves the data correctly into the cache and whether we should be looking at a bug in the responder or in the back end next.

Comment 3 Jakub Hrozek 2012-05-15 14:20:35 UTC
(In reply to comment #2)
> # ldbsearch -H /var/lib/sss/db/cache_ipaldap.ldb

Err, obviously, replace the path to a real one to your cache. Sorry.
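
The check described in comments 2 and 3, as an added example that is not part of the original thread or of SSSD itself: it reads a config.ldb dump like the one in the description and prints the cache query with the internal object classes and the real cache path for each enabled domain. The function names and the sample input are assumptions made for illustration; the cache path pattern cache_<domain>.ldb is taken from the paths shown in this report.

```shell
# Added example. Reads `ldbsearch -H /var/lib/sss/db/config.ldb` output on stdin
# and prints the cache query for every enabled domain that sets autofs_provider
# (domains that only inherit the provider from id_provider are skipped).
autofs_cache_queries() {
    awk '
    /^dn: / {   # domain name comes from the record DN
        dom = ""
        if ($2 ~ /^cn=[^,]+,cn=domain,cn=config$/) {
            dom = $2
            sub(/^cn=/, "", dom); sub(/,cn=domain,cn=config$/, "", dom)
        }
        next
    }
    /^domains: / { sub(/^domains: */, ""); enabled = $0; next }
    dom != "" && /^autofs_provider: /                { provider[dom] = $2 }
    dom != "" && /^ldap_autofs_map_object_class: /   { map_oc[dom] = $2 }
    dom != "" && /^ldap_autofs_entry_object_class: / { entry_oc[dom] = $2 }
    END {
        # Object classes used inside the cache, regardless of LDAP overrides
        filter = "(|(objectclass=automount)(objectclass=automountMap))"
        n = split(enabled, list, /[, ]+/)
        for (i = 1; i <= n; i++) {
            d = list[i]
            if (!(d in provider)) continue
            printf "# %s: autofs_provider=%s", d, provider[d]
            if (d in map_oc)   printf "; %s is cached as automountMap", map_oc[d]
            if (d in entry_oc) printf "; %s is cached as automount", entry_oc[d]
            printf "\n"
            printf "ldbsearch -H /var/lib/sss/db/cache_%s.ldb \047%s\047\n", d, filter
        }
    }'
}

# Constructed sample input, shaped like the config dump in the report.
sample_config_dump() {
    cat <<'EOF'
# record 1
dn: cn=default,cn=domain,cn=config
autofs_provider: ldap
ldap_autofs_entry_object_class: nisObject
ldap_autofs_map_object_class: nisMap
# record 2
dn: cn=sssd,cn=config
domains: default
# record 3
dn: cn=example.com,cn=domain,cn=config
autofs_provider: ipa
EOF
}
sample_config_dump | autofs_cache_queries
```

On a live system the input would come from `ldbsearch -H /var/lib/sss/db/config.ldb` piped into `autofs_cache_queries`, run as root.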

Comment 4 Ondrej Valousek 2012-05-16 14:24:06 UTC
Requested details were sent privately by mail.

Comment 5 Stephen Gallagher 2012-05-25 13:21:19 UTC
Patch committed upstream. Will be built for Fedora when we release 1.8.4 next week.

Comment 6 Fedora Update System 2012-05-30 19:58:48 UTC
sssd-1.8.4-12.fc17 has been submitted as an update for Fedora 17.

Comment 7 Fedora Update System 2012-05-30 20:11:55 UTC
sssd-1.8.4-12.fc16 has been submitted as an update for Fedora 16.

Comment 8 Fedora Update System 2012-06-01 17:01:40 UTC
Package sssd-1.8.4-12.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.8.4-12.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 9 Fedora Update System 2012-06-15 00:34:51 UTC
sssd-1.8.4-12.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2012-06-15 00:35:17 UTC
sssd-1.8.4-12.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
