Bug 886848 - user id lookup fails for case sensitive users using proxy provider
Summary: user id lookup fails for case sensitive users using proxy provider
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.4
Hardware: Unspecified
OS: Unspecified
low
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks: 895654
TreeView+ depends on / blocked
 
Reported: 2012-12-13 10:58 UTC by Kaushik Banerjee
Modified: 2020-05-02 17:10 UTC (History)
4 users (show)

Fixed In Version: sssd-1.9.2-63.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2013-02-21 09:42:36 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 2756 None None None 2020-05-02 17:10:31 UTC
Red Hat Product Errata RHSA-2013:0508 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 21:30:10 UTC

Description Kaushik Banerjee 2012-12-13 10:58:08 UTC
Description of problem:
user id lookup fails for case sensitive users using proxy provider. This is related to bug 874673

Version-Release number of selected component (if applicable):
sssd-1.9.2-41.el6

How reproducible:
Always

Steps to Reproduce:
1. User and group in ldap as follows:
dn: uid=User_CS1,ou=Users,dc=example,dc=com
objectClass: posixAccount
objectClass: account
cn: User_CS1
homeDirectory: /home/User_CS1
userPassword:: U2VjcmV0MTIz
uid: User_CS1_Alias
uid: User_CS1
uidNumber: 304560
gidNumber: 304560
 
dn: cn=User_CS1_grp1,ou=Groups,dc=example,dc=com
objectClass: posixGroup
memberUid: User_CS1
cn: User_CS1_grp1_Alias
cn: User_CS1_grp1
gidNumber: 304560

2. sssd.conf domain section has:
 
[domain/PROXY]
id_provider = proxy
debug_level = 0xFFF0
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap

3. # getent group User_CS1_grp1;id User_CS1
User_CS1_grp1_Alias:*:304560:User_CS1
id: User_CS1: No such user                   <=== id lookup fails after getent
 
Works fine after clearing cache if I execute the above 2 commands in reverse order:
# id User_CS1;getent group User_CS1_grp1
uid=304560(User_CS1_Alias) gid=304560(User_CS1_grp1_Alias) groups=304560(User_CS1_grp1_Alias)
User_CS1_grp1_Alias:*:304560:User_CS1
  

Actual results:
id lookup fails for the case sensitive user if group is looked up before.

Expected results:
id lookup should work for case sensitive users.

Additional info:
Log shows:
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [ldb] (0x4000): cancel ldb transaction (nesting: 2)
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such attribute]
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [sysdb_add_user] (0x0400): Error: 14 (Bad address)
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [ldb] (0x4000): cancel ldb transaction (nesting: 1)
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [sysdb_store_user] (0x0040): Could not add user
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [ldb] (0x4000): cancel ldb transaction (nesting: 0)
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [sysdb_store_user] (0x0400): Error: 14 (Bad address)
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [save_user] (0x0040): Could not add user to cache
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [get_pw_name] (0x0040): proxy -> getpwnam_r failed for 'User_CS1' <14>: Bad address
(Wed Dec 12 14:09:15 2012) [sssd[be[PROXY]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,14,Internal Error (Cannot make/remove an entry for the specified session)

Comment 1 Ondrej Kos 2012-12-13 11:03:46 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1714

Comment 5 Kaushik Banerjee 2013-01-15 17:34:56 UTC
Verified in version 1.9.2-68

Output of beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: case_sensitive23: proxy provider: case_sensitive=true simple_deny_groups = User_CS1_grp1
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Stopping nslcd: [  OK  ]
Starting nslcd: [  OK  ]
User_CS1:*:1111111:1111111:User_CS1:/home/User_CS1:
:: [   PASS   ] :: Running 'getent -s ldap passwd User_CS1'
Stopping sssd: [  OK  ]
Starting sssd: [  OK  ]
[  OK  ]
:: [12:03:22] ::  Sleeping for 5 seconds
User_CS1_grp1_Alias:*:1111111:User_CS1
:: [   PASS   ] :: Running 'getent group User_CS1_grp1'
uid=1111111(User_CS1_Alias) gid=1111111(User_CS1_grp1_Alias) groups=1111111(User_CS1_grp1_Alias)
:: [   PASS   ] :: Running 'id User_CS1'

Comment 6 errata-xmlrpc 2013-02-21 09:42:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html


Note You need to log in before you can comment on or make changes to this bug.