Bug 995448 - Sssd delays group member retrieval
Sssd delays group member retrieval
Status: CLOSED UPSTREAM
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
7.0
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: SSSD Maintainers
Namita Soman
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-09 07:51 EDT by Nikolai Kondrashov
Modified: 2016-11-23 08:08 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-23 08:08:33 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
entries.ldif (945 bytes, text/plain)
2013-08-09 07:52 EDT, Nikolai Kondrashov
no flags Details
sssd.conf (543 bytes, text/plain)
2013-08-09 07:52 EDT, Nikolai Kondrashov
no flags Details

  None (edit)
Description Nikolai Kondrashov 2013-08-09 07:51:17 EDT
Description of problem:
Sssd doesn't seem to provide rfc2307bis group members to the system until after 10 minutes from starting and first attempt to retrieve them.

If an rfc2307bis group containing a single member is present in LDAP directory, sssd is started with enumeration disabled and a clean cache, then output of "getent group GROUP" doesn't show any members until after about 10 minutes from the start and the first retrieval attempt. The "id USER" output, OTOH, shows the group membership at all times.

With the same setup and enumeration *enabled*, the group appears to have the member right from the start.

Version-Release number of selected component (if applicable):
sssd-common-1.11.0-0.2.beta2.el7.x86_64
sssd-ad-1.11.0-0.2.beta2.el7.x86_64
python-sssdconfig-1.11.0-0.2.beta2.el7.noarch
sssd-client-1.11.0-0.2.beta2.el7.x86_64
sssd-krb5-common-1.11.0-0.2.beta2.el7.x86_64
sssd-ldap-1.11.0-0.2.beta2.el7.x86_64
sssd-proxy-1.11.0-0.2.beta2.el7.x86_64
sssd-ipa-1.11.0-0.2.beta2.el7.x86_64
sssd-1.11.0-0.2.beta2.el7.x86_64
libsss_idmap-1.11.0-0.2.beta2.el7.x86_64
sssd-krb5-1.11.0-0.2.beta2.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Use the attached entries.ldif file to fill the LDAP directory.
2. Use the attached sssd.conf file as the basis for sssd configuration.
3. Remove all files from /var/lib/sss/db.
4. Start sssd.
5. Execute "getent group group10000".
6. Execute "id user10000".
7. Wait about 10 minutes.
8. Execute "getent group group10000".

Actual results:
group10000:*:10000:
uid=10000(user10000) gid=10001(user10000) groups=10001(user10000),10000(group10000)
group10000:*:10000:user10000

Expected results:
group10000:*:10000:user10000
uid=10000(user10000) gid=10001(user10000) groups=10001(user10000),10000(group10000)
group10000:*:10000:user10000

Additional info:
This works on RHEL6 with sssd 1.9.2-82.7.
This might be related to Bug 995031.
Comment 1 Nikolai Kondrashov 2013-08-09 07:52:18 EDT
Created attachment 784798 [details]
entries.ldif
Comment 2 Nikolai Kondrashov 2013-08-09 07:52:40 EDT
Created attachment 784800 [details]
sssd.conf
Comment 4 Jakub Hrozek 2014-04-03 09:51:49 EDT
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2302
Comment 6 Jakub Hrozek 2016-11-23 08:08:33 EST
Since this problem is already tracked in an upstream ticket and this bugzilla is not being planned for any immediate release either in RHEL or upstream, I'm closing this bugzilla with the resolution UPSTREAM.

Please reopen this bugzilla report if you disagree.

Note You need to log in before you can comment on or make changes to this bug.