RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 886848 - user id lookup fails for case sensitive users using proxy provider
Summary: user id lookup fails for case sensitive users using proxy provider
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.4
Hardware: Unspecified
OS: Unspecified
low
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks: 895654
TreeView+ depends on / blocked
 
Reported: 2012-12-13 10:58 UTC by Kaushik Banerjee
Modified: 2020-05-02 17:10 UTC (History)
4 users (show)

Fixed In Version: sssd-1.9.2-63.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2013-02-21 09:42:36 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 2756 0 None None None 2020-05-02 17:10:31 UTC
Red Hat Product Errata RHSA-2013:0508 0 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 21:30:10 UTC

Description Kaushik Banerjee 2012-12-13 10:58:08 UTC
Description of problem:
user id lookup fails for case sensitive users using proxy provider. This is related to bug 874673

Version-Release number of selected component (if applicable):
sssd-1.9.2-41.el6

How reproducible:
Always

Steps to Reproduce:
1. User and group in ldap as follows:
dn: uid=User_CS1,ou=Users,dc=example,dc=com
objectClass: posixAccount
objectClass: account
cn: User_CS1
homeDirectory: /home/User_CS1
userPassword:: U2VjcmV0MTIz
uid: User_CS1_Alias
uid: User_CS1
uidNumber: 304560
gidNumber: 304560
 
dn: cn=User_CS1_grp1,ou=Groups,dc=example,dc=com
objectClass: posixGroup
memberUid: User_CS1
cn: User_CS1_grp1_Alias
cn: User_CS1_grp1
gidNumber: 304560

2. sssd.conf domain section has:
 
[domain/PROXY]
id_provider = proxy
debug_level = 0xFFF0
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap

3. # getent group User_CS1_grp1;id User_CS1
User_CS1_grp1_Alias:*:304560:User_CS1
id: User_CS1: No such user                   <=== id lookup fails after getent
 
Works fine after clearing cache if I execute the above 2 commands in reverse order:
# id User_CS1;getent group User_CS1_grp1
uid=304560(User_CS1_Alias) gid=304560(User_CS1_grp1_Alias) groups=304560(User_CS1_grp1_Alias)
User_CS1_grp1_Alias:*:304560:User_CS1
  

Actual results:
id lookup fails for the case sensitive user if group is looked up before.

Expected results:
id lookup should work for case sensitive users.

Additional info:
Log shows:
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [ldb] (0x4000): cancel ldb transaction (nesting: 2)
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such attribute]
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [sysdb_add_user] (0x0400): Error: 14 (Bad address)
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [ldb] (0x4000): cancel ldb transaction (nesting: 1)
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [sysdb_store_user] (0x0040): Could not add user
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [ldb] (0x4000): cancel ldb transaction (nesting: 0)
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [sysdb_store_user] (0x0400): Error: 14 (Bad address)
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [save_user] (0x0040): Could not add user to cache
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [get_pw_name] (0x0040): proxy -> getpwnam_r failed for 'User_CS1' <14>: Bad address
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,14,Internal Error (Cannot make/remove an entry for the specified session)

Comment 1 Ondrej Kos 2012-12-13 11:03:46 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1714

Comment 5 Kaushik Banerjee 2013-01-15 17:34:56 UTC
Verified in version 1.9.2-68

Output of beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: case_sensitive23: proxy provider: case_sensitive=true simple_deny_groups = User_CS1_grp1
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Stopping nslcd: [  OK  ]
Starting nslcd: [  OK  ]
User_CS1:*:1111111:1111111:User_CS1:/home/User_CS1:
:: [   PASS   ] :: Running 'getent -s ldap passwd User_CS1'
Stopping sssd: [  OK  ]
Starting sssd: [  OK  ]
[  OK  ]
:: [12:03:22] ::  Sleeping for 5 seconds
User_CS1_grp1_Alias:*:1111111:User_CS1
:: [   PASS   ] :: Running 'getent group User_CS1_grp1'
uid=1111111(User_CS1_Alias) gid=1111111(User_CS1_grp1_Alias) groups=1111111(User_CS1_grp1_Alias)
:: [   PASS   ] :: Running 'id User_CS1'

Comment 6 errata-xmlrpc 2013-02-21 09:42:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html


Note You need to log in before you can comment on or make changes to this bug.