Bug 995448 - Sssd delays group member retrieval
Summary: Sssd delays group member retrieval
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: SSSD Maintainers
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-08-09 11:51 UTC by Nikolai Kondrashov
Modified: 2020-05-02 17:41 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-23 13:08:33 UTC
Target Upstream Version:
Embargoed:


Attachments
entries.ldif (945 bytes, text/plain), 2013-08-09 11:52 UTC, Nikolai Kondrashov
sssd.conf (543 bytes, text/plain), 2013-08-09 11:52 UTC, Nikolai Kondrashov


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 3344 0 None None None 2020-05-02 17:41:23 UTC

Description Nikolai Kondrashov 2013-08-09 11:51:17 UTC
Description of problem:
Sssd doesn't seem to provide rfc2307bis group members to the system until after 10 minutes from starting and first attempt to retrieve them.

If an rfc2307bis group containing a single member is present in LDAP directory, sssd is started with enumeration disabled and a clean cache, then output of "getent group GROUP" doesn't show any members until after about 10 minutes from the start and the first retrieval attempt. The "id USER" output, OTOH, shows the group membership at all times.

With the same setup and enumeration *enabled*, the group appears to have the member right from the start.

Version-Release number of selected component (if applicable):
sssd-common-1.11.0-0.2.beta2.el7.x86_64
sssd-ad-1.11.0-0.2.beta2.el7.x86_64
python-sssdconfig-1.11.0-0.2.beta2.el7.noarch
sssd-client-1.11.0-0.2.beta2.el7.x86_64
sssd-krb5-common-1.11.0-0.2.beta2.el7.x86_64
sssd-ldap-1.11.0-0.2.beta2.el7.x86_64
sssd-proxy-1.11.0-0.2.beta2.el7.x86_64
sssd-ipa-1.11.0-0.2.beta2.el7.x86_64
sssd-1.11.0-0.2.beta2.el7.x86_64
libsss_idmap-1.11.0-0.2.beta2.el7.x86_64
sssd-krb5-1.11.0-0.2.beta2.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Use the attached entries.ldif file to fill the LDAP directory.
2. Use the attached sssd.conf file as the basis for sssd configuration.
3. Remove all files from /var/lib/sss/db.
4. Start sssd.
5. Execute "getent group group10000".
6. Execute "id user10000".
7. Wait about 10 minutes.
8. Execute "getent group group10000".

Actual results:
group10000:*:10000:
uid=10000(user10000) gid=10001(user10000) groups=10001(user10000),10000(group10000)
group10000:*:10000:user10000

Expected results:
group10000:*:10000:user10000
uid=10000(user10000) gid=10001(user10000) groups=10001(user10000),10000(group10000)
group10000:*:10000:user10000

Additional info:
This works on RHEL6 with sssd 1.9.2-82.7.
This might be related to Bug 995031.
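
An added example (not part of the original report or of sssd): it parses the two output formats quoted above and flags when `getent group` and `id` disagree about a membership. The function and variable names are hypothetical, and the sample lines are the ones from the report's "Actual results".

```shell
#!/bin/sh
# Sample lines copied from the report's "Actual results" (embedded, runs offline).
GETENT_EARLY='group10000:*:10000:'
GETENT_LATE='group10000:*:10000:user10000'
ID_LINE='uid=10000(user10000) gid=10001(user10000) groups=10001(user10000),10000(group10000)'

# Return 0 if a "getent group" line (name:passwd:gid:m1,m2,...) lists USER.
group_lists_member() {
    line=$1; user=$2
    members=${line##*:}              # member list = text after the last colon
    case ",$members," in
        *",$user,"*) return 0 ;;     # exact name between commas, no prefix matches
        *) return 1 ;;
    esac
}

# Return 0 if an "id" line lists GROUP in its groups=gid(name),... field.
# Limitation (assumption): group names containing spaces are not handled.
id_lists_group() {
    line=$1; group=$2
    case "$line" in
        *groups=*) ;;                # field present, keep going
        *) return 1 ;;
    esac
    glist=${line##*groups=}
    glist=${glist%% context=*}       # drop the SELinux context suffix, if any
    case ",$glist," in
        *"($group),"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Compare both views of one GROUP/USER pair and print a verdict.
membership_view() {
    if group_lists_member "$1" "$4"; then g=yes; else g=no; fi
    if id_lists_group "$2" "$3"; then i=yes; else i=no; fi
    if [ "$g" = "$i" ]; then
        echo "consistent"
    else
        echo "MISMATCH getent=$g id=$i"
    fi
}

# Live use on a host: membership_view "$(getent group group10000)" \
#     "$(id user10000)" group10000 user10000
membership_view "$GETENT_EARLY" "$ID_LINE" group10000 user10000
membership_view "$GETENT_LATE" "$ID_LINE" group10000 user10000
```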

Comment 1 Nikolai Kondrashov 2013-08-09 11:52:18 UTC
Created attachment 784798
entries.ldif

Comment 2 Nikolai Kondrashov 2013-08-09 11:52:40 UTC
Created attachment 784800
sssd.conf

Comment 4 Jakub Hrozek 2014-04-03 13:51:49 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2302

Comment 6 Jakub Hrozek 2016-11-23 13:08:33 UTC
Since this problem is already tracked in an upstream ticket and this bugzilla is not being planned for any immediate release either in RHEL or upstream, I'm closing this bugzilla with the resolution UPSTREAM.

Please reopen this bugzilla report if you disagree.

