SSSD user/group filtering is failing after "files" provider rebuilds cache #1024
Assignees
Labels
Comments
|
Files provider sets up When those files are updated appropriate callback is run: sf_passwd_cb -> dp_sbus_reset_users_ncache() -> sbus_call_resp_negcache_ResetUsers_send() -> sbuds method ("sssd.Responder.NegativeCache", "ResetUsers") -> sss_resp_reset_ncache_users() -> sss_ncache_reset_users() -> sss_ncache_reset_pfx() -- this deletes everything, including permanent entries. The same with 'group'. Easy solution is to leave permanent entries intact (to skip). |
alexey-tikhonov
added a commit
to alexey-tikhonov/sssd
that referenced
this issue
Jun 16, 2020
Files provider calling `sss_ncache_reset_[users/groups]()` during cache rebuilding was breaking neg-cache prepopulation. Resolves: SSSD#1024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to Reproduce:
[nss]
filter_groups = root
filter_users = root, admin
$ id admin
id: ‘admin’: no such user
-- as expected, user 'admin' is filtered out
$ adduser test
$ id admin
uid=1389800000(admin) gid=1389800000(admins) groups=1389800000(admins)
-- user is not filtered anymore.
Initially reported as: https://bugzilla.redhat.com/show_bug.cgi?id=1824323
The text was updated successfully, but these errors were encountered: