Red Hat Bugzilla – Bug 877354
ldap_connection_expire_timeout doesn't expire ldap connections
Last modified: 2013-02-21 04:40:29 EST
Description of problem:
ldap_connection_expire_timeout doesn't expire ldap connections

Version-Release number of selected component (if applicable):
1.9.2-13

How reproducible:
Always

Steps to Reproduce:
1. domain section in sssd.conf

[domain/LDAP]
debug_level = 0xFFF0
id_provider = ldap
ldap_uri = ldap://cobra.lab.eng.pnq.redhat.com
ldap_search_base = dc=example,dc=com
ldap_connection_expire_timeout = 100

2. # getent passwd puser1;netstat -antp | grep 389;sleep 105;netstat -antp | grep 389
puser1:*:2001:2001:Posix User1:/home/puser1:
tcp 0 0 10.65.201.200:40926 10.65.206.93:389 ESTABLISHED 7163/sssd_be
tcp 0 0 10.65.201.200:40926 10.65.206.93:389 ESTABLISHED 7163/sssd_be

Actual results:
Connection doesn't expire after "ldap_connection_expire_timeout" is over.

Expected results:
Connection should expire

Additional info:
Upstream ticket: https://fedorahosted.org/sssd/ticket/1649
FWIW, this regressed only when using a non-authenticated connection. Authenticated connections, including GSSAPI, still timed out fine. It's still a regression, though. A patch is on the upstream list.
Verified in version 1.9.2-21

Output of beaker automation run:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ldap_connection_timeout_001 Single Domain
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Stopping sssd: [ OK ]
Starting sssd: [ OK ] [ OK ]
:: [16:58:17] :: Sleeping for 5 seconds
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Option ldap_connection_expire_timeout has value 100'
puser1:*:1001:1001:Posix User1:/home/puser1:/bin/bash
:: [ PASS ] :: Running 'getent passwd puser1'
:: [16:58:23] :: Sleeping for 110 seconds
user_srv1:*:1002:1002:User Srv1:/home/user_srv1:/bin/bash
:: [ PASS ] :: Running 'getent passwd user_srv1'
:: [ PASS ] :: Connection was expired after 100 secs and new connection established after that
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'connection is about to expire, releasing it'
spawn ssh -o StrictHostKeyChecking=no root@dell-pe1950-05.rhts.eng.brq.redhat.com /etc/init.d/dirsrv stop instance1
root@dell-pe1950-05.rhts.eng.brq.redhat.com's password:
Shutting down dirsrv: instance1...[ OK ]
user_srv2:*:1999:1999:User SRV2:/home/user_srv2:
:: [ PASS ] :: Running 'getent passwd user_srv2'
:: [17:01:20] :: Sleeping for 105 seconds
MARK-LWD-LOOP -- 2012-11-21 17:02:24 --
tcp 0 0 10.34.54.35:52129 10.34.42.26:2389 ESTABLISHED 16081/sssd_be
Group_srv2:*:1999:
:: [ PASS ] :: Running 'getent group Group_srv2'
:: [ PASS ] :: Connection was expired after 100 secs and new connection established after that
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'connection is about to expire, releasing it'
spawn ssh -o StrictHostKeyChecking=no root@dell-pe1950-05.rhts.eng.brq.redhat.com /etc/init.d/dirsrv start instance1
root@dell-pe1950-05.rhts.eng.brq.redhat.com's password:
Starting dirsrv: instance1...[ OK ]
'058e30c3-61bb-4574-8da5-568d03fb819c'
ldap-connection-timeout-001-Single-Domain result: PASS

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ldap_connection_timeout_002 MultiDomain
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Stopping sssd: [ OK ]
Starting sssd: [ OK ] [ OK ]
:: [17:03:11] :: Sleeping for 5 seconds
puser1:*:1001:1001:Posix User1:/home/puser1:/bin/bash
:: [ PASS ] :: Running 'getent passwd puser1'
:: [17:03:16] :: Sleeping for 105 seconds
user_srv1:*:1002:1002:User Srv1:/home/user_srv1:/bin/bash
:: [ PASS ] :: Running 'getent passwd user_srv1'
:: [ PASS ] :: Connection expired after 100 seconds for DOMAIN1 and new connection established after that
:: [ PASS ] :: File '/var/log/sssd/sssd_DOMAIN1.log' should contain 'connection is about to expire, releasing it'
user_srv2:*:1999:1999:User SRV2:/home/user_srv2:
:: [ PASS ] :: Running 'getent passwd user_srv2'
:: [17:05:02] :: Sleeping for 205 seconds
MARK-LWD-LOOP -- 2012-11-21 17:07:24 --
Group_srv2:*:1999:
:: [ PASS ] :: Running 'getent group Group_srv2'
:: [ PASS ] :: Connection expired after 200 seconds for DOMAIN2 and new connection established after that
:: [ PASS ] :: File '/var/log/sssd/sssd_DOMAIN2.log' should contain 'connection is about to expire, releasing it'
'db2b8114-b28c-4240-8fde-f5618bd9895d'
ldap-connection-timeout-002-MultiDomain result: PASS
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0508.html
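
Added example, not part of the bug report or of SSSD: the before/after netstat comparison from the reproduction steps, written as a shell check that reports whether the pre-timeout sssd_be connection to the LDAP port is still in use. The function names and the AFTER_* sample lines are constructed for illustration; BEFORE reuses the netstat line from the report.

```shell
#!/bin/sh
# Added example (not from the bug report or SSSD): compare two
# `netstat -antp` snapshots taken before and after the timeout.

# ldap_conns SNAPSHOT PORT
# Print the local endpoints of ESTABLISHED sssd_be sockets whose remote
# port is PORT, one per line.
ldap_conns() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $6 == "ESTABLISHED" && $7 ~ /\/sssd_be$/ {
            n = split($5, r, ":")     # last piece is the port, IPv4 or IPv6
            if (r[n] == port) print $4
        }' | sort -u
}

# expiry_verdict BEFORE AFTER PORT
# Prints one of:
#   stale   - a pre-timeout connection is still ESTABLISHED (the bug)
#   expired - every pre-timeout connection is gone or was replaced
#   no-conn - BEFORE had no sssd_be connection to PORT, nothing to judge
expiry_verdict() {
    before=$(ldap_conns "$1" "$3")
    after=$(ldap_conns "$2" "$3")
    if [ -z "$before" ]; then echo no-conn; return 0; fi
    for ep in $before; do
        if printf '%s\n' "$after" | grep -qxF -- "$ep"; then
            echo stale; return 0
        fi
    done
    echo expired
}

# BEFORE and AFTER_BUG are the two netstat lines from the report.
# AFTER_FIXED is constructed: the old socket has left ESTABLISHED and
# sssd_be reconnected from a new (made-up) local port.
BEFORE='tcp 0 0 10.65.201.200:40926 10.65.206.93:389 ESTABLISHED 7163/sssd_be'
AFTER_BUG='tcp 0 0 10.65.201.200:40926 10.65.206.93:389 ESTABLISHED 7163/sssd_be'
AFTER_FIXED='tcp 0 0 10.65.201.200:40926 10.65.206.93:389 TIME_WAIT -
tcp 0 0 10.65.201.200:40931 10.65.206.93:389 ESTABLISHED 7163/sssd_be'

expiry_verdict "$BEFORE" "$AFTER_BUG" 389      # stale
expiry_verdict "$BEFORE" "$AFTER_FIXED" 389    # expired
```

On a live host, pass the output of `netstat -antp` captured before and after the sleep; matching on the local endpoint rather than on "is there any line for port 389" is what separates a reconnect from a connection that never closed.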