URL: https://github.com/SSSD/sssd/pull/877 Author: scabrero Title: #877: SYSDB: Delete linked local user overrides when deleting a user Action: opened
PR body: """ If a cached user having a linked userOverride is deleted from the LDAP server, at some point it will be deleted from cache too but its linked userOverride object will not. This causes the command sss_override to fail:
[sssd] [append_name] (0x0020): sysdb_search_entry() failed [2]: No such file or directory [sssd] [list_overrides] (0x0020): Unable to append name [2]: No such file or directory [sssd] [user_export] (0x0020): Unable to get override objects [sssd] [override_user_find] (0x0020): Unable to export users
Signed-off-by: Samuel Cabrero scabrero@suse.de """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/877/head:pr877 git checkout pr877
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
centos-ci commented: """ Can one of the admins verify this patch? """
See the full comment at https://github.com/SSSD/sssd/pull/877#issuecomment-527477864
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
pbrezina commented: """ ok to test """
See the full comment at https://github.com/SSSD/sssd/pull/877#issuecomment-527798967
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
sumit-bose commented: """ Hi @scabrero,
thank you for the patch. I wonder if the issue can be solved differently by making `sss_override` more robust?
I'm asking because the override data is currently only stored in the cache and if it is removed it is lost. If now a cached entry gets removed accidentally on the server or by a bug on the client and is added later again the override data will be missing.
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/877#issuecomment-527846738
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
scabrero commented: """ On Wed, Sep 04, 2019 at 03:43:15AM -0700, sumit-bose wrote:
I'm asking because the override data is currently only stored in the cache and if it is removed it is lost. If now a cached entry gets removed accidentally on the server or by a bug on the client and is added later again the override data will be missing.
You are right, the sss_override command could (and probably should) be improved to ignore userOverride objects without maching user objects, or at least print a warning to notify the problem and let an admin remove the orphaned entries. Also a prune subcommand to remove those entries would be nice.
The problem is that even if an orphaned userOverride exists in the cache and the matching user is added back the override won't work because the 'overrideDN' attribute in the user object is only added by the sss_override command. I thought about adding logic to search matching userOverrides by computing the DN and restore the overrideDN when adding an user to the cache, but I think the current approach is safer.
"""
See the full comment at https://github.com/SSSD/sssd/pull/877#issuecomment-527855018
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
pbrezina commented: """ As @scabrero said, if the user is re-added it is not associated with the override object so it is pointless to keep it for this reason. It would have to be changed, but then again it is not our decision to make whether the association should be recreated or not.
My expectation if an entry is deleted from LDAP is that it is completely removed from the cache. """
See the full comment at https://github.com/SSSD/sssd/pull/877#issuecomment-532574440
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/877 Author: scabrero Title: #877: SYSDB: Delete linked local user overrides when deleting a user Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/877/head:pr877 git checkout pr877
URL: https://github.com/SSSD/sssd/pull/877 Author: scabrero Title: #877: SYSDB: Delete linked local user overrides when deleting a user Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/877/head:pr877 git checkout pr877
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
Label: +Waiting for review
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
sumit-bose commented: """ Hi,
the patch looks good now, can you just replace the plain libldb transaction calls with sysdb_transaction_{start|commit|cancel}'?
bye, Sumit """
See the full comment at https://github.com/SSSD/sssd/pull/877#issuecomment-540592733
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
Label: -Waiting for review
URL: https://github.com/SSSD/sssd/pull/877 Author: scabrero Title: #877: SYSDB: Delete linked local user overrides when deleting a user Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/877/head:pr877 git checkout pr877
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
scabrero commented: """ Done. """
See the full comment at https://github.com/SSSD/sssd/pull/877#issuecomment-541312538
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
sumit-bose commented: """ Thanks. The failed CI tests does not seem related and worked for me locally. ACK """
See the full comment at https://github.com/SSSD/sssd/pull/877#issuecomment-541622542
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
Label: +Ready to push
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
pbrezina commented: """ * `master` * f67109c46cec6eacbfa94aa20bfe6f8a930ba9b9 - SYSDB: Delete linked local user overrides when deleting a user
"""
See the full comment at https://github.com/SSSD/sssd/pull/877#issuecomment-542120136
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
Label: +Pushed
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/877 Title: #877: SYSDB: Delete linked local user overrides when deleting a user
Label: -Ready to push
URL: https://github.com/SSSD/sssd/pull/877 Author: scabrero Title: #877: SYSDB: Delete linked local user overrides when deleting a user Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/877/head:pr877 git checkout pr877
sssd-devel@lists.fedorahosted.org
-
centos-ci -
pbrezina
-
scabrero
-
sumit-bose