SSSD is not fully registering the domains if the cache is empty #7250
Hi, this issue should be reproducible with a grand-child domain. The issue is in the fallback code which is called if there is no domain object for the forest root stored in the LDAP tree of the local domain. Iirc a grand-child domain will only have information about its parent (the child-domain) but not about the forest root stored in the LDAP tree. When joined to the grand-child domain and started with an empty cache looking up a user from the forest root with the
where the domain-SID part of the SID is the one of the forest root. bye,
If the domain object of the forest root domain cannot be found in the LDAP tree of the local AD domain SSSD tries to read the request data from an LDAP server of the forest root domain directly. After reading this data the information is stored in the cache but currently the information about the domain stored in memory is not updated with the additional data. As a result e.g. the domain SID is missing in this data and only becomes available after a restart where it is read from the cache. With this patch an unconditional refresh is triggered at the end of the fallback code path. Resolves: SSSD#7250
I have seen this too. Had to delete the sssd cache to get my groups back
would you be able to test patches from #7251?
Not really, I cannot force it
If the domain object of the forest root domain cannot be found in the LDAP tree of the local AD domain SSSD tries to read the request data from an LDAP server of the forest root domain directly. After reading this data the information is stored in the cache but currently the information about the domain stored in memory is not updated with the additional data. As a result e.g. the domain SID is missing in this data and only becomes available after a restart where it is read from the cache. With this patch an unconditional refresh is triggered at the end of the fallback code path. Resolves: #7250 Reviewed-by: Dan Lavu <[email protected]> Reviewed-by: Tomáš Halman <[email protected]> (cherry picked from commit 0de6c33)
If the domain object of the forest root domain cannot be found in the LDAP tree of the local AD domain SSSD tries to read the request data from an LDAP server of the forest root domain directly. After reading this data the information is stored in the cache but currently the information about the domain stored in memory is not updated with the additional data. As a result e.g. the domain SID is missing in this data and only becomes available after a restart where it is read from the cache. With this patch an unconditional refresh is triggered at the end of the fallback code path. Resolves: SSSD#7250 Reviewed-by: Dan Lavu <[email protected]> Reviewed-by: Tomáš Halman <[email protected]> (cherry picked from commit 0de6c33) (cherry picked from commit db27a51)
This issue is cloned from https://issues.redhat.com/browse/RHEL-27716