Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sssd getgrnam or getgrent does not list member users from a nested non-posix group if enumeration is enabled #3594

Closed
sssd-bot opened this issue May 2, 2020 · 0 comments
Closed

sssd getgrnam or getgrent does not list member users from a nested non-posix group if enumeration is enabled #3594

sssd-bot opened this issue May 2, 2020 · 0 comments
Labels
Bugzilla Closed: Not a bug

Comments

@sssd-bot
Copy link

sssd-bot commented May 2, 2020

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2552

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1176502

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:

the ldap search is run for posix groups (gidNumber has to be present). But sssd
does not do any ldap lookups for the non posix groups it only looks them up in
the cache - which does not work.
~~~

~~~


Version-Release number of selected component (if applicable):
The log excerpt above is from sssd-1.9.2-129.el6.x86_64
However I have verified that the bug exists on sssd-1.11.6-30.el6_6.3.x86_64

How reproducible:
Always


Steps to Reproduce:
This was tested against an AD IMU LDAP backend. ad_admins is a posix group from
ldap with nested non posix groups.
0. enumerate = true # in sssd.conf domain section
1. service sssd stop; rm /var/lib/sss/db/cache_EXAMPLE.COM.ldb
/var/lib/sss/db/ccache_EXAMPLE.COM; service sssd start
2. getent group ad_admins # does not list group members from nested groups
3. sss_cache -G # get rid of cache populated by enum
4. getent group ad_admins # lists group members - as backend uses the non enum
code path.

Actual results:
Nested non posix group members are not listed.


Expected results:
Nested non posix group members are listed.

Additional info:
See additional comments and attachments.

Comments

Comment from jhrozek at 2015-01-19 22:28:27

As discussed on our last team meeting, moving to 1.14 beta.

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
milestone: NEEDS_TRIAGE => SSSD 1.14 beta
review: True => 0
selected: =>
testsupdated: => 0

Comment from jhrozek at 2015-07-28 20:06:37

Fields changed

priority: major => minor
sensitive: => 0

Comment from jhrozek at 2016-01-18 21:54:08

I think we should move this ticket to deferred, but I would also like to run this request past the rest of the devel team, therefore moving to triage.

milestone: SSSD 1.14 beta => NEEDS_TRIAGE

Comment from jhrozek at 2016-01-21 16:23:35

Upstream has no plans on making enumeration work with non-posix groups as well.

Closing.

resolution: => wontfix
status: new => closed

Comment from jhrozek at 2017-02-24 14:41:01

Metadata Update from @jhrozek:

  • Issue set to the milestone: NEEDS_TRIAGE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bugzilla Closed: Not a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sssd-bot