Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proxy provider: secondary group is showing in sssd cache after group is removed #5783

Closed
thalman opened this issue Sep 14, 2021 · 1 comment
Closed

proxy provider: secondary group is showing in sssd cache after group is removed #5783

thalman opened this issue Sep 14, 2021 · 1 comment
Assignees
@ikerexxe
Labels
Bugzilla Closed: Fixed Issue was closed as fixed.

Comments

@thalman
Copy link
Contributor

thalman commented Sep 14, 2021

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1917970

Created attachment 1748800
sssd- debugging showing the

Description of problem:
Removing a secondary group from a local user, sssd continues to show that user
in the secondary group using the 'id' command even after the group has been
removed. The local user does not show up in that group using the 'getent group'
command.

Version-Release number of selected component (if applicable):
RHEL 8.2
sssd-

How reproducible:
Everytime

Steps to Reproduce:
1. Remove user from testgroup:
     - # gpasswd -d test1 testgroup
2. Test that user is not in secondary group:
     - # groups test1
       test1 : users testgroup
3. Wait until the next morning:
     - # date; groups test1
       test1 : users testgroup

Actual results:
User is still showing as a part of the removed secondary group

Expected results:
User should be removed from the secondary group

Additional info:
- We have attempted to use the workaround/fix from
https://bugzilla.redhat.com/show_bug.cgi?id=1886661
     - The customer said using "entry_cache_timeout" in the sssd.conf file did
not help at all.

Thorsten suggested opening this as a Bugzilla, so I am.
@ikerexxe ikerexxe self-assigned this Sep 14, 2021
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Sep 14, 2021
@ikerexxe
proxy: allow removing group members
97c7d03 
The proxy provider doesn't allow to remove group members once they have
been added. This patch allows to do it by looping the member list from
the cache and comparing it with the actual membership list. If a member
is missing then it's removed from the cache.

Resolves: SSSD#5783

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
@ikerexxe ikerexxe mentioned this issue Sep 14, 2021
Closed
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Sep 16, 2021
@ikerexxe
proxy: allow removing group members
6ef5ac2 
The proxy provider doesn't allow to remove group members once they have
been added. This patch allows to do it by looping the member list from
the cache and comparing it with the actual membership list. If a member
is missing then it's removed from the cache.

Resolves: SSSD#5783

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Oct 6, 2021
@ikerexxe
proxy: allow removing group members
9f2cf6a 
The proxy provider doesn't allow to remove group members once they have
been added. This patch allows to do it by looping the member list from
the cache and comparing it with the actual membership list. If a member
is missing then it's removed from the cache.

Resolves: SSSD#5783

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Oct 18, 2021
@ikerexxe
proxy: allow removing group members
be0584d 
The proxy provider doesn't allow to remove group members once they have
been added. This patch allows to do it by looping the member list from
the cache and comparing it with the actual membership list. If a member
is missing then it's removed from the cache.

Resolves: SSSD#5783

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Oct 21, 2021
@ikerexxe
proxy: allow removing group members
035de7e 
The proxy provider doesn't allow to remove group members once they have
been added. This patch allows to do it by looping the member list from
the cache and comparing it with the actual membership list. If a member
is missing then it's removed from the cache.

Resolves: SSSD#5783

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Oct 21, 2021
@ikerexxe
proxy: allow removing group members
2fc3e52 
The proxy provider doesn't allow to remove group members once they have
been added. This patch allows to do it by looping the member list from
the cache and comparing it with the actual membership list. If a member
is missing then it's removed from the cache.

Resolves: SSSD#5783

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
@pbrezina
Copy link
Member

pbrezina commented Nov 1, 2021

Pushed PR: #5784

  • master
    • 301659a - proxy: allow removing group members

@pbrezina pbrezina added the Closed: Fixed Issue was closed as fixed. label Nov 1, 2021
shridhargadekar pushed a commit to shridhargadekar/sssd that referenced this issue Nov 23, 2021
Tests: Removed secondary group shown in cache
40c698f 
Verifies: SSSD#5783
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970
@shridhargadekar shridhargadekar mentioned this issue Nov 23, 2021
Closed
shridhargadekar pushed a commit to shridhargadekar/sssd that referenced this issue Nov 25, 2021
Tests: Removed secondary group shown in cache
aebefbe 
Verifies: SSSD#5783
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970
pbrezina pushed a commit that referenced this issue Nov 26, 2021
@pbrezina
Tests: Removed secondary group shown in cache
b2eb01e 
Verifies: #5783
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970

Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
jakub-vavra-cz pushed a commit to jakub-vavra-cz/sssd that referenced this issue Jan 25, 2022
@jakub-vavra-cz
Tests: Removed secondary group shown in cache
ccc7231 
Verifies: SSSD#5783
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970

Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
shridhargadekar pushed a commit to shridhargadekar/sssd that referenced this issue Apr 1, 2022
@ikerexxe
proxy: allow removing group members
038dabc 
The proxy provider doesn't allow to remove group members once they have
been added. This patch allows to do it by looping the member list from
the cache and comparing it with the actual membership list. If a member
is missing then it's removed from the cache.

Resolves: SSSD#5783

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
shridhargadekar pushed a commit to shridhargadekar/sssd that referenced this issue Apr 1, 2022
Tests: Removed secondary group shown in cache
41deebe 
Verifies: SSSD#5783
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1917970

Reviewed-by: Steeve Goveas <sgoveas@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ikerexxe ikerexxe

Labels
Bugzilla Closed: Fixed Issue was closed as fixed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

proxy: allow removing group members ikerexxe/sssd
4 participants
@thalman @ikerexxe @pbrezina @alexey-tikhonov