On (22/01/15 18:39), Sumit Bose wrote:
Hi,
one of the recent patches related to the changes of the sysdb calls to return ENOENT broke the flow in the lookups by SID. As a result the request always returned if no result was found in the cache instead of asking the backend. With the new flow the ldb_result has to be properly initialized (I remember there was a long discussion about it, but I can't remember the result, so I fixed it in the caller).
The verify this you need just to look up a SID with is currently not in the cache, the easiest way is to use an empty cache:
python -c "import pysss_nss_idmap; print pysss_nss_idmap.getnamebysid('S-1-5-21-3456664713-2053453454-4165325232-500')"
Without the patch only an empty list is return, with the patch the SID is properly looked up by the backend.
bye, Sumit
From b04a7814f5ca1a21c333e8e9596104a71d0720fe Mon Sep 17 00:00:00 2001 From: Sumit Bose sbose@redhat.com Date: Thu, 22 Jan 2015 18:30:04 +0100 Subject: [PATCH] nss: fix SID lookups
src/responder/nss/nsssrv_cmd.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
Sumit helped me with my issue in different mail. I was using id_provider = ldap with AD and therefore subdomain provider was not configured. Therefore I was not able to use pysss_nss_idmap.getnamebysid.
It works with id_provider = ad.
There are not warnings from static analysers. http://sssd-ci.duckdns.org/logs/job/6/59/summary.html
ACK
LS