Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1680

auto_private_groups does not create cache in IPA server SSSD cache

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-8.10
    • rhel-8.10
    • sssd
    • sssd-2.9.4-1.el8
    • None
    • None
    • rhel-sst-idm-sssd
    • ssg_idm
    • 20
    • 21
    • 0
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • Unspecified
    • None

      What were you trying to do that didn't work?

      It took about 1 minutes to resolve trusted AD users in IdM client, which prevent them from login before the users are resolved.

      While IPA server have no problem resolving the users, yet the user private groups did not exist in the SSSD cache, which may cause IPA client failed to get the user private group from IPA server, thus IPA client has to query and cache the group itself, causing delay.

      % ipa idrange-find
      Range name: AD.EXAMPLE.COM_id_range
      First Posix ID of the range: 100000
      Number of IDs in the range: 200000
      ...
      Range type: Active Directory trust range with POSIX attributes
      Auto private groups: hybrid

      AD users have following POSIX attribute
      uidNumber: 2000
      gidNumber: 2000

      However, there are no AD group that has gidNumber: 2000

      Please provide the package NVR for which bug is seen:

      sssd-2.8.2-3.el8_8
      ipa-client-4.9.11-5.module+el8.8.0+18146+a1d8660b.x86_64
      ipa-server-4.9.11-5.module+el8.8.0+18146+a1d8660b.x86_64

      How reproducible:

      Always

      Steps to reproduce

      1. On IPA server
        systemctl stop sssd; rm -fr /var/lib/sss/ {db,mc}

        /*; systemctl start sssd

      2. id aduser
      3. ldbsearch -H /var/lib/sss/db/cache_idm.example.com name=aduser@ad.example.com

      Expected results

      group aduser@ad.example.com should appear in SSSD cache

      Actual results

      group aduser@ad.example.com did not appear in SSSD cache

        1. image-2023-09-07-10-37-10-702.png
          0.1 kB
        2. image-2023-09-07-10-37-15-365.png
          0.1 kB
        3. image-2023-09-07-10-37-31-696.png
          0.1 kB
        4. image-2023-09-07-10-38-03-595.png
          0.1 kB
        5. image-2023-09-07-10-38-25-888.png
          0.1 kB
        6. image-2023-09-11-16-19-28-143.png
          0.1 kB
        7. image-2023-09-14-11-41-53-069.png
          0.1 kB
        8. libipa_extdom_extop.so
          40 kB
        9. sssd-2.8.2-4.el8_8sb1.tar.gz
          12.07 MB
        10. new-sssd-2.8.2-4.el8_8sb1.tar.gz
          12.07 MB

              sbose@redhat.com Sumit Bose
              rhn-support-dchen Ding Yi Chen
              SSSD Maintainers SSSD Maintainers
              Madhuri Upadhye Madhuri Upadhye
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated:
                Resolved: