> Am Wed, Jun 30, 2021 at 07:39:44PM -0000 schrieb iulian roman via > FreeIPA-users: > > Hi, > > maybe there is some unexpected interaction with the code which > automatically handles user private groups and the manual creation of a > user private group with the id-overrides. > > Have you tried if the behavior is more reliable if you change the GID in > user override and group to e.g. 10023634 ? > > bye, > Sumit
I have tried but that does not help either. I have performed hundreds of tests, comparing logs , etc. And no matter how I change settings and overrides, it either works in one sssd version either in the other. Example bellow: sssd 2.2.3 - user test_user with UID override and without GID override : (does not work) ================================================================== id test_user => id: ‘test_user’: no such user , BUT group name similar to user name is added in cache automatically: sssctl group-show [email protected] Name: test_user Cache entry creation date: 07/02/21 16:28:21 Cache entry last update time: 07/02/21 16:28:21 Cache entry expiration time: 07/02/21 17:58:21 Cached in InfoPipe: No getent group test_user test_user:*:1768204988: id test_user => id: ‘test_user’: no such user sssd 1.16.1 - user test_user with UID override and without GID override : (works) ============================================================= id test_user - all groups displayed correctly sssctl group-show [email protected] Group test_user is not present in cache sssctl user-show [email protected] Name: test_user Cache entry creation date: 07/02/21 16:33:32 Cache entry last update time: 07/02/21 16:33:32 Cache entry expiration time: 07/02/21 18:03:32 Initgroups expiration time: 07/02/21 18:03:32 Cached in InfoPipe: No sssd 2.2.3 - user test_user with UID override and with GID override : (works if manually run getent group before) ================================================================================ id test_user => id: ‘test_user’: no such user sssctl group-show [email protected] Group test_user is not present in cache getent group test_user test_user:*:20890: sssctl group-show [email protected] Name: test_user Cache entry creation date: 07/02/21 16:38:53 Cache entry last update time: 07/02/21 16:38:53 Cache entry expiration time: 07/02/21 18:08:53 Cached in InfoPipe: No id test_user - all groups displayed correctly sssd 1.16.1 - user test_user with UID override and with GID override : (works if manually getent group is run) ================================================================================= id test_user => id: ‘test_user’: no such user sssctl group-show [email protected] Group test_user is not present in cache getent group test_user test_user:*:20890: sssctl group-show [email protected] Name: test_user Cache entry creation date: 07/02/21 16:57:59 Cache entry last update time: 07/02/21 16:57:59 Cache entry expiration time: 07/02/21 18:27:59 Cached in InfoPipe: No id test_user - all groups displayed correctly sssctl user-show [email protected] Name: test_user Cache entry creation date: 07/02/21 16:59:02 Cache entry last update time: 07/02/21 16:59:02 Cache entry expiration time: 07/02/21 18:29:02 Initgroups expiration time: 07/02/21 18:29:02 Cached in InfoPipe: No sssctl group-show [email protected] Group test_user is not present in cache. All tests have been performed with empty db on the client and cache invalidated in IPA server. In conclusion , the only combination which works by default is sssd 1.16 with UID override and without GID overrride. Is there any chance to have the same behaviour in sssd 2.2.3 , because apparently I cannot find a common ground between them. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
