URL:
https://github.com/SSSD/sssd/pull/277
Title: #277: CACHE_REQ_SEARCH: Check for filtered users/groups also on cache_req_send()
fidencio commented:
"""
Just for the record ...
There are two reliable reproducers (at least on my machine) and they are:
Here's the parts of the sssd.conf that are related to this issue:
```
[domain/ipa.example]
...
# Set it accordingly depending on using enumeration or net
enumerate = True
...
[nss]
...
filter_users = user00, user01
filter_groups = user00, user01
entry_negative_timeout = 1
....
```
* When using enumeration:
`# rm -rf /var/log/sssd/sssd* /var/lib/sss/db/* ; systemctl restart sssd; id
1790400001;`
And the answer will be:
`uid=1790400001(user00) gid=1790400001(user00) groups=1790400001(user00)`
* When not using enumeration:
`# rm -rf /var/log/sssd/sssd* /var/lib/sss/db/* ; systemctl restart sssd; getent passwd
1790400001; sleep 2; id 1790400001`
And the answer will be:
`uid=1790400001(user00) gid=1790400001(user00) groups=1790400001(user00)`
And the expected result for both cases is:
`id: ‘1790400001’: no such user`
"""
See the full comment at
https://github.com/SSSD/sssd/pull/277#issuecomment-303327133