On Wed, Sep 18, 2013 at 03:00:40PM +0200, Pavel Březina wrote:
On 09/17/2013 07:33 PM, Jakub Hrozek wrote:
>On Tue, Sep 17, 2013 at 05:13:43PM +0200, Lukas Slebodnik wrote:
>>On (17/09/13 16:15), Pavel Březina wrote:
>>>On 09/16/2013 01:13 PM, Lukas Slebodnik wrote:
>>>>On (16/09/13 12:24), Pavel Březina wrote:
>>>>>On 09/16/2013 12:15 PM, Jakub Hrozek wrote:
>>>>>>On Mon, Sep 16, 2013 at 11:01:36AM +0200, Pavel Březina wrote:
>>>>>>>On 09/13/2013 04:52 PM, Lukas Slebodnik wrote:
>>>>>>>>ehlo,
>>>>>>>>
>>>>>>>>Attached patch resolves ticket #2075
>>>>>>>>
>>>>>>>>LS
>>>>>>>
>>>>>>>Hi,
>>>>>>>minor nack.
>>>>>>>
>>>>>>>>+ ret = sdap_get_netgroup_primary_name(memctx, opts,
attrs, dom, &name);
>>>>>>>>+ if (ret != EOK) {
>>>>>>>>+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to get
netgroup name\n"));
>>>>>>>>+ goto fail;
>>>>>>>>+ }
>>>>>>>
>>>>>>>Wrong indentation ^^ otherwise LGTM
>>>>>>>
>>>>>>>Can you provide steps to reproduce please? I tries following
netgroups:
>>>>>>>
>>>>>>>dn: cn=ng-1,ou=Netgroups,dc=ldap,dc=pb
>>>>>>>objectClass: top
>>>>>>>objectClass: nisNetgroup
>>>>>>>cn: ng-1
>>>>>>>cn: ng-3
>>>>>>>nisNetgroupTriple: (,,bobby,example.com)
>>>>>>>nisNetgroupTriple: (,,johny.example.com)
>>>>>>
>>>>>>Would it trigger the bug if you reversed the order of the cn
attributes?
>>>>>>Or would that make saving the netgroup fail in sssd_be?
>>>>>
>>>>>Reversing the order of cn attributes did not help but I triggered
the
>>>>>bug when dn=cn=ng-1 had only one cn, but dn=ng-3 had cn=ng-3 and
>>>>>cn=ng-1.
>>>>
>>>>The same result should be also without patch.
>>>>
>>>>BTW It is a misconfiguration, if you use the same cn in two different
entries.
>>>>
>>>>Original problem was that the same netrgoup was stored to ldb
>>>>with the first cn attribute and later with the second cn attribute.
>>>>
>>>>LS
>>>
>>>OK then. I have cn=ng-1, cn=ng-11 and cn=ng-3,cn=ng-33. Logs looks
>>>clear and it is stored correctly only once using rdn.
>>>
>>>However nameAlias still contains wrong cn, we should fix that as well.
>>>
>>>dn: name=ng-1,cn=Netgroups,cn=LDAP.PB,cn=sysdb
>>>createTimestamp: 1379426841
>>>name: ng-1
>>>objectClass: netgroup
>>>originalDN: cn=ng-1,ou=Netgroups,dc=ldap,dc=pb
>>>originalModifyTimestamp: 20130917134857Z
>>>netgroupTriple: (,,bobby,example.com)
>>>netgroupTriple: (,,johny.example.com)
>>>*nameAlias: ng-11*
>>>lastUpdate: 1379426841
>>>dataExpireTimestamp: 1379432241
>>>distinguishedName: name=ng-1,cn=Netgroups,cn=LDAP.PB,cn=sysdb
>>>
>>
>>I thought it is intention to have nameAliases for other cn.
>>
>>ldapsearch -LLL -x -h localhost -b
cn=netgroup_dup_cn,cn=ng_custom,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
>>dn: cn=netgroup_dup_cn,cn=ng_custom,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=c
om
>>objectClass: nisNetgroup
>>objectClass: top
>>nisNetgroupTriple: (-,usersssd01,idm.lab.eng.brq.redhat.com)
>>nisNetgroupTriple: (-,usersssd02,idm.lab.eng.brq.redhat.com)
>>cn: netgroup_dup_cn
>>cn: netgroup_netgroup_dup3_cn
>>cn: netgroup_netgroup_dup4_cn
>>cn: netgroup_netgroup_dup_cn
>>
>>And output from sssd cache:
>>ldbsearch -H /var/lib/sss/db/cache_default.ldb -b
"name=netgroup_dup_cn,cn=Netgroups,cn=default,cn=sysdb"
>>dn: name=netgroup_dup_cn,cn=Netgroups,cn=default,cn=sysdb
>>createTimestamp: 1379430258
>>name: netgroup_dup_cn
>>objectClass: netgroup
>>originalDN: cn=netgroup_dup_cn,cn=ng_custom,dc=idm,dc=lab,dc=eng,dc=brq,dc=red
hat,dc=com
>>originalModifyTimestamp: 20130917145913Z
>>netgroupTriple: (-,usersssd01,idm.lab.eng.brq.redhat.com)
>>netgroupTriple: (-,usersssd02,idm.lab.eng.brq.redhat.com)
>>nameAlias: netgroup_netgroup_dup3_cn
>>nameAlias: netgroup_netgroup_dup4_cn
>>nameAlias: netgroup_netgroup_dup_cn
>>lastUpdate: 1379430258
>>dataExpireTimestamp: 1379435658
>>distinguishedName: name=netgroup_dup_cn,cn=Netgroups,cn=default,cn=sysdb
>>
>>LS
>
>This is what I would expect as well.
I'm sorry, I was blind but now I see it in the code.
I thought that we use name alias only to store lower cased name in
case of case insensitive domain.
Ack then.
Pushed to master and sssd-1-11