On (17/09/13 16:15), Pavel Březina wrote:
On 09/16/2013 01:13 PM, Lukas Slebodnik wrote:
>On (16/09/13 12:24), Pavel Březina wrote:
>>On 09/16/2013 12:15 PM, Jakub Hrozek wrote:
>>>On Mon, Sep 16, 2013 at 11:01:36AM +0200, Pavel Březina wrote:
>>>>On 09/13/2013 04:52 PM, Lukas Slebodnik wrote:
>>>>>ehlo,
>>>>>
>>>>>Attached patch resolves ticket #2075
>>>>>
>>>>>LS
>>>>
>>>>Hi,
>>>>minor nack.
>>>>
>>>>>+ ret = sdap_get_netgroup_primary_name(memctx, opts, attrs, dom,
&name);
>>>>>+ if (ret != EOK) {
>>>>>+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to get netgroup
name\n"));
>>>>>+ goto fail;
>>>>>+ }
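Review bot: the failure branch after sdap_get_netgroup_primary_name() logs only "Failed to get netgroup name" and drops ret, so the debug log does not show why the lookup failed. Include the return code in the DEBUG message before the goto fail.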
>>>>
>>>>Wrong indentation ^^ otherwise LGTM
>>>>
>>>>Can you provide steps to reproduce please? I tried the following netgroups:
>>>>
>>>>dn: cn=ng-1,ou=Netgroups,dc=ldap,dc=pb
>>>>objectClass: top
>>>>objectClass: nisNetgroup
>>>>cn: ng-1
>>>>cn: ng-3
>>>>nisNetgroupTriple: (,,bobby,example.com)
>>>>nisNetgroupTriple: (,,johny.example.com)
>>>
>>>Would it trigger the bug if you reversed the order of the cn attributes?
>>>Or would that make saving the netgroup fail in sssd_be?
>>
>>Reversing the order of cn attributes did not help but I triggered the
>>bug when dn=cn=ng-1 had only one cn, but dn=ng-3 had cn=ng-3 and
>>cn=ng-1.
>
>The same result should be also without patch.
>
>BTW It is a misconfiguration, if you use the same cn in two different entries.
>
>Original problem was that the same netgroup was stored to ldb
>with the first cn attribute and later with the second cn attribute.
>
>LS
OK then. I have cn=ng-1, cn=ng-11 and cn=ng-3,cn=ng-33. Logs look
clear and it is stored correctly only once using rdn.
However nameAlias still contains wrong cn, we should fix that as well.

dn: name=ng-1,cn=Netgroups,cn=LDAP.PB,cn=sysdb
createTimestamp: 1379426841
name: ng-1
objectClass: netgroup
originalDN: cn=ng-1,ou=Netgroups,dc=ldap,dc=pb
originalModifyTimestamp: 20130917134857Z
netgroupTriple: (,,bobby,example.com)
netgroupTriple: (,,johny.example.com)
*nameAlias: ng-11*
lastUpdate: 1379426841
dataExpireTimestamp: 1379432241
distinguishedName: name=ng-1,cn=Netgroups,cn=LDAP.PB,cn=sysdb

I thought it is intention to have nameAliases for other cn.

ldapsearch -LLL -x -h localhost -b
cn=netgroup_dup_cn,cn=ng_custom,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
dn: cn=netgroup_dup_cn,cn=ng_custom,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
objectClass: nisNetgroup
objectClass: top
nisNetgroupTriple: (-,usersssd01,idm.lab.eng.brq.redhat.com)
nisNetgroupTriple: (-,usersssd02,idm.lab.eng.brq.redhat.com)
cn: netgroup_dup_cn
cn: netgroup_netgroup_dup3_cn
cn: netgroup_netgroup_dup4_cn
cn: netgroup_netgroup_dup_cn

And output from sssd cache:

ldbsearch -H /var/lib/sss/db/cache_default.ldb -b
"name=netgroup_dup_cn,cn=Netgroups,cn=default,cn=sysdb"
dn: name=netgroup_dup_cn,cn=Netgroups,cn=default,cn=sysdb
createTimestamp: 1379430258
name: netgroup_dup_cn
objectClass: netgroup
originalDN: cn=netgroup_dup_cn,cn=ng_custom,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
originalModifyTimestamp: 20130917145913Z
netgroupTriple: (-,usersssd01,idm.lab.eng.brq.redhat.com)
netgroupTriple: (-,usersssd02,idm.lab.eng.brq.redhat.com)
nameAlias: netgroup_netgroup_dup3_cn
nameAlias: netgroup_netgroup_dup4_cn
nameAlias: netgroup_netgroup_dup_cn
lastUpdate: 1379430258
dataExpireTimestamp: 1379435658
distinguishedName: name=netgroup_dup_cn,cn=Netgroups,cn=default,cn=sysdb

LS
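
The naming rule discussed in this thread, as an added Python illustration that is not part of the original messages and is not SSSD code: it assumes the stored name is the cn value matching the entry's RDN, keeps the remaining cn values as aliases, and flags the misconfiguration where one cn appears in two entries. The function names and the sample entries are constructed for this example.

```python
# Added illustration (not SSSD code). Function names are hypothetical and
# the sample entries are constructed from the netgroups named in the thread.
from collections import defaultdict


def rdn_value(dn, attr="cn"):
    """Return the value of the leading RDN if its attribute is `attr`.

    Simplified parsing: assumes no escaped commas and no multi-valued RDN.
    """
    first = dn.split(",", 1)[0]
    key, _, value = first.partition("=")
    if key.strip().lower() != attr:
        raise ValueError(f"RDN of {dn!r} is not {attr}")
    return value.strip()


def primary_and_aliases(entry):
    """Use the cn that matches the RDN as the name; other cn values are aliases."""
    primary = rdn_value(entry["dn"])
    cns = entry["cn"]
    # cn is compared case-insensitively in LDAP, so do the same here.
    if primary.lower() not in (c.lower() for c in cns):
        raise ValueError(f"{entry['dn']}: RDN value missing from cn values")
    aliases = [c for c in cns if c.lower() != primary.lower()]
    return primary, aliases


def shared_cns(entries):
    """Map each cn carried by more than one entry to the DNs that carry it."""
    owners = defaultdict(set)
    for entry in entries:
        for cn in entry["cn"]:
            owners[cn.lower()].add(entry["dn"])
    return {cn: sorted(dns) for cn, dns in owners.items() if len(dns) > 1}


# Constructed sample data: the RDN value is not the first cn in the first
# entry, and the second entry reuses cn=ng-1 (the misconfiguration case).
ENTRIES = [
    {"dn": "cn=ng-1,ou=Netgroups,dc=ldap,dc=pb", "cn": ["ng-11", "ng-1"]},
    {"dn": "cn=ng-3,ou=Netgroups,dc=ldap,dc=pb", "cn": ["ng-3", "ng-1"]},
]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e["dn"], "->", primary_and_aliases(e))
    print("shared cn values:", shared_cns(ENTRIES))
```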