Bug 872110 - User appears twice on looking up a nested group
Summary: User appears twice on looking up a nested group
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-11-01 09:30 UTC by Kaushik Banerjee
Modified: 2020-05-02 17:04 UTC (History)
3 users (show)

Fixed In Version: sssd-1.9.2-7.el6
Doc Type: Bug Fix
Doc Text:
No Documentation Needed
Clone Of:
Environment:
Last Closed: 2013-02-21 09:39:26 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 2656 None None None 2020-05-02 17:03:59 UTC
Red Hat Product Errata RHSA-2013:0508 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 21:30:10 UTC

Description Kaushik Banerjee 2012-11-01 09:30:38 UTC
Description of problem:
User appears twice on looking up a nested group

Version-Release number of selected component (if applicable):
sssd-1.9.2-4.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create a nested group structure in AD as follows:
tuser1_top_grp1
      |
tuser1_mid_grp1
      |
    tuser1

2. Configure sssd to lookup users and groups via ldap provider:
The domain section that I used:
[domain/ADTEST]
debug_level = 0xFFF0
id_provider = ldap
ldap_schema = ad
ldap_uri = ldap://adserver
ldap_default_bind_dn = cn=Administrator,cn=Users,dc=sssdad,dc=com
ldap_default_authtok = xxxxxx
ldap_search_base = dc=sssdad,dc=com
ldap_force_upper_case_realm = True
ldap_referrals = false

3. # service sssd stop;rm -f /var/lib/sss/db/* /var/lib/sss/mc/*;service sssd start
Stopping sssd:                                             [  OK  ]
Starting sssd:                                             [  OK  ]

# getent group tuser1_top_grp1
tuser1_top_grp1:*:10003:tuser1

# getent group tuser1_mid_grp1
tuser1_mid_grp1:*:10004:tuser1,tuser1    <== tuser1 is seen twice
  
Actual results:


Expected results:
# getent group tuser1_mid_grp1
tuser1_mid_grp1:*:10004:tuser1

Additional info:
This issue has been forked out from bug 871843 and is logged as a separate issue.

Comment 2 Jakub Hrozek 2012-11-01 09:37:58 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1614

Comment 4 Jakub Hrozek 2012-11-01 15:10:19 UTC
Fixed upstream.

Comment 6 Kaushik Banerjee 2012-11-26 13:27:17 UTC
Verified in version 1.9.2-24

Output of beaker automation run:
:: [04:22:55] ::  Verify bz872110
Stopping sssd: [  OK  ]
Starting sssd: [  OK  ]
[  OK  ]
:: [04:22:57] ::  Sleeping for 5 seconds
maingroup1:*:40001:user01
:: [   PASS   ] :: Running 'getent group maingroup1'
group01:*:20001:user01
:: [   PASS   ] :: Running 'getent group group01 | grep -v "user01,user01"'

Comment 7 errata-xmlrpc 2013-02-21 09:39:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html


Note You need to log in before you can comment on or make changes to this bug.