Red Hat Bugzilla – Bug 894738
Failover to ldap_chpass_backup_uri doesn't work
Last modified: 2013-02-21 04:43:26 EST
Description of problem:
Failover to ldap_chpass_backup_uri doesn't work

Version-Release number of selected component (if applicable):
1.9.2-68

How reproducible:
Always

Steps to Reproduce:
1. Domain section in sssd.conf:

ldap_search_base = dc=example,dc=com
id_provider = ldap
ldap_uri = ldap://ldapsrv.example.com
ldap_chpass_uri = ldap://invalidsrv.example.com
ldap_chpass_backup_uri = ldap://ldapsrv.example.com

2. Try to change the password of a user:

# ssh -l puser1 localhost
puser1@localhost's password:
Last login: Fri Jan 11 20:49:34 2013 from localhost
-sh-4.1$ passwd
Changing password for user puser1.
Current Password:
System is offline, password change not possible
passwd: Authentication token manipulation error
-sh-4.1$

Actual results:
Password change fails. Looks like failover to ldap_chpass_backup_uri doesn't happen. Logs show:

(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'invalidsrv.example.com': Domain name not found
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'invalidsrv.example.com' as 'not working'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (invalidsrv.example.com), resolver returned (11)
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_resolve_server_process] (0x1000): Trying with the next one!
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP_CHPASS'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [get_server_status] (0x1000): Status of server 'invalidsrv.example.com' is 'not working'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [get_server_status] (0x1000): Status of server 'invalidsrv.example.com' is 'not working'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP_CHPASS'
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5
(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] [be_mark_offline] (0x2000): Going offline!

Expected results:
Failover to ldap_chpass_backup_uri should work.

Additional info:
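A log triage check for the failure signature in this report, added here as an example (not code from SSSD or from the reporter): it parses backend debug lines and reports backup hosts from sssd.conf that were never logged before the service ran out of servers. The function names and the single-entry service-to-option mapping are assumptions; the config and log lines are taken from the report above.

```python
import re
from urllib.parse import urlsplit

# Constructed inputs: domain options and backend log lines copied from the report.
CONF = """\
ldap_uri = ldap://ldapsrv.example.com
ldap_chpass_uri = ldap://invalidsrv.example.com
ldap_chpass_backup_uri = ldap://ldapsrv.example.com
"""
P = "(Sun Jan 13 20:14:20 2013) [sssd[be[LDAP]]] "
LOG = "\n".join(P + s for s in [
    "[fo_resolve_service_done] (0x0020): Failed to resolve server 'invalidsrv.example.com': Domain name not found",
    "[set_server_common_status] (0x0100): Marking server 'invalidsrv.example.com' as 'not working'",
    "[fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP_CHPASS'",
    "[get_server_status] (0x1000): Status of server 'invalidsrv.example.com' is 'not working'",
    "[fo_resolve_service_send] (0x0020): No available servers for service 'LDAP_CHPASS'",
    "[be_mark_offline] (0x2000): Going offline!",
])

# (timestamp) [process] [function] (0xLEVEL): message
LINE = re.compile(r"^\(([^)]*)\) \[(sssd\S*)\] \[(\w+)\] \((0x[0-9a-fA-F]+)\): (.*)$")
# Only the service named in the report is mapped (assumption: extend as needed).
BACKUP_OPTION = {"LDAP_CHPASS": "ldap_chpass_backup_uri"}

def hosts(conf, option):
    """Host names of the comma-separated URIs set for one sssd.conf option."""
    m = re.search(rf"^\s*{re.escape(option)}\s*=\s*(.*)$", conf, re.M)
    uris = m.group(1).split(",") if m else []
    return [h for h in (urlsplit(u.strip()).hostname for u in uris) if h]

def untried_backups(conf, log):
    """[(service, [backup hosts never logged])] for each service that ran out of servers."""
    tried, current, findings = {}, None, []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped or foreign lines
        msg = m.group(5)
        start = re.search(r"Trying to resolve service '([^']+)'", msg)
        if start:
            current = start.group(1)
        # Heuristic: attribute server mentions to the service last being resolved.
        for name in re.findall(r"server '([^']+)'", msg):
            tried.setdefault(current, set()).add(name)
        out = re.search(r"No available servers for service '([^']+)'", msg)
        if out and out.group(1) in BACKUP_OPTION:
            svc = out.group(1)
            missing = [h for h in hosts(conf, BACKUP_OPTION[svc]) if h not in tried.get(svc, set())]
            if missing:
                findings.append((svc, missing))
    return findings
```

A non-empty result means the backend went offline while a configured backup was never attempted; an empty result with the same exhaustion line means every listed server was tried and failed.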
Upstream ticket: https://fedorahosted.org/sssd/ticket/1760
Pushed upstream.
Verified in version 1.9.2-74

Report from beaker automation run:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: failover-ldap_chpass_backup_uri_001 Server1 down, Server2 online
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: Stopping LDAP Server on Server1 and sleeping for 1 second
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Primary server reactivation timeout set to 31 seconds'
:: [ PASS ] :: Authentication successful, as expected
:: [ PASS ] :: Running 'auth_success puser1 NewPass_123'
:: [ LOG ] :: Starting LDAP Server on Server1 and sleeping for 5 seconds
:: [ LOG ] :: Duration: 14s
:: [ LOG ] :: Assertions: 3 good, 0 bad
:: [ PASS ] :: RESULT: failover-ldap_chpass_backup_uri_001 Server1 down, Server2 online

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: failover-ldap_chpass_backup_uri_003 First Server in the list cannot be resolved
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: Sleeping for 5 seconds
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Primary server reactivation timeout set to 31 seconds'
:: [ PASS ] :: Authentication successful, as expected
:: [ PASS ] :: Running 'auth_success puser1 NewPass_123'
:: [ LOG ] :: Duration: 10s
:: [ LOG ] :: Assertions: 3 good, 0 bad
:: [ PASS ] :: RESULT: failover-ldap_chpass_backup_uri_003 First Server in the list cannot be resolved
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0508.html