Application domain is not interpreted correctly

[sssd-bot]

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3658

• Created at 2018-03-06 21:54:26 by lukasjuhrich
• Closed at 2018-03-26 21:02:15 as Fixed
• Assigned to fidencio

---

Setting up a minimal config for an application domain inheriting from a posix domain as described in the manpage of sssd.conf leads to the appdomain not being read appropriately:

sssd.conf (some comments removed)

[sssd]
config_file_version = 2
services = nss, pam, ssh, sudo, ifp

domains = domtest, apptest

[nss]


[domain/domtest]
id_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com

[application/apptest]
inherit_from = domtest

conf.ldb

# record 1
dn: cn=sssd,cn=config
cn: sssd
config_file_version: 2
domains: domtest, apptest
services: nss, pam, ssh, sudo, ifp
distinguishedName: cn=sssd,cn=config

# record 2
dn: cn=config
version: 2
lastUpdate: 1520365646
distinguishedName: cn=config

# record 3
dn: cn=nss,cn=config
cn: nss
distinguishedName: cn=nss,cn=config

# record 4
dn: cn=domtest,cn=domain,cn=config
cn: domtest
id_provider: ldap
ldap_search_base: dc=example,dc=com
ldap_uri: ldap://ldap.example.com
distinguishedName: cn=domtest,cn=domain,cn=config

# record 5
dn: cn=apptest,cn=application,cn=config
cn: apptest
inherit_from: domtest
distinguishedName: cn=apptest,cn=application,cn=config

# returned 5 records
# 5 entries
# 0 referrals

Output

root@lb-test /etc/sssd (git)-[master] # sssctl domain-list -v                  
(Tue Mar  6 20:50:02:884067 2018) [sssd] [confdb_get_domain_internal] (0x0010): Unknown domain [apptest]
(Tue Mar  6 20:50:02:884106 2018) [sssd] [confdb_get_domains] (0x0010): Error (2 [No such file or directory]) retrieving domain [apptest], skipping!
Primary domain: domtest
Primary domain: apptest

Setting debug_level=9 lead to the attached logfile.

Comments

---

Comment from fidencio at 2018-03-06 22:15:24

Metadata Update from @fidencio:

• Issue assigned to fidencio

---

Comment from fidencio at 2018-03-06 23:20:26

@lukasjuhrich, thanks for the report.

We've been discussing this issue on #sssd IRC channel and basically what happens is that from sssctl the confdb does seem to the support application domains.

While it looks like a simple "confdb_expand_app_domains()" call in sss_tool_domains_init() should solve the problem ... it doesn't seem to be the right path to take as I'm seeing some errors on ldb_wait() when calling confdb_merge_parent_domain().

@jhrozek, do you think that modifying the confdb_get_domains() to also iterate over the app domains would be a valid approach? Or do you know what I may be doing wrong that causes an error with the first approach?

---

Comment from fidencio at 2018-03-14 23:25:57

PR: #537

---

Comment from fidencio at 2018-03-14 23:25:59

Metadata Update from @fidencio:

• Custom field patch adjusted to on

---

Comment from jhrozek at 2018-03-15 11:17:24

Metadata Update from @jhrozek:

• Issue set to the milestone: SSSD 1.16.2

---

Comment from jhrozek at 2018-03-15 12:20:23

Metadata Update from @jhrozek:

• Issue tagged with: PR, bug

---

Comment from jhrozek at 2018-03-26 21:01:59

Fixed as a part of:
14b485b
885da2c
a73d70f
f405a4a
e5c74ab

---

Comment from jhrozek at 2018-03-26 21:02:17

Metadata Update from @jhrozek:

• Issue close_status updated to: Fixed
• Issue status updated to: Closed (was: Open)