>The way the code is currently written is, if there is a duplicate:
>    - check if the "new" group has the same SID, uniqueID or original DN
>      as the "old" one
>      - yes, same: this is a rename, allow
>      - no, different: this is a duplicate, error

I'm not clear on the start of this flow - what is meant by "if there is a 
duplicate"?

What I see on the affected system is e.g.:

getent group abcd..1
abcd..1 :*:1234:<userlist for abcd..1>
getent group 1234
(returns same entry as for abcd..1)

Oddly, if I then:

getent group abcd..2
abcd..2 :*:1234:<userlist for abcd..2>
getent group 1234
(returns same entry as for abcd..1 - not abcd..2)

However, at some point the cache gets into a state whereby:

getent group 1234
(returns empty result and also the duplicate GID error message in system log)
A subsequent "getent group abcd..N" will also generally return the empty 
result. However if I script a getent of every suffixed group, each time 
followed by a getent of the GID, eventually it "kicks loose" and reverts to the 
initial state. It doesn't last very long however. General system activity seems 
to return it to the "stuck cache" before too long. Since we have multiple split 
groups, this can be happening simultaneously for multiple groups.

Gareth


-----Original Message-----
From: Jakub Hrozek [mailto:[email protected]] 
Sent: Monday, September 24, 2018 10:59 AM
To: [email protected]
Subject: [SSSD-users] Re: Issues with SSSD cache on version 1.13.4

On Mon, Sep 24, 2018 at 10:22:35AM -0400, Simo Sorce wrote:
> > btw it’s a good question to ask why isn’t the check done on saving 
> > the group. I thought it was and I see code that checks for ID 
> > uniqueness and even a test..
> 
> In current code, saving would override data as if the group was 
> renamed changed I think ?

The way the code is currently written is, if there is a duplicate:
    - check if the "new" group has the same SID, uniqueID or original DN
      as the "old" one
      - yes, same: this is a rename, allow
      - no, different: this is a duplicate, error 
_______________________________________________
sssd-users mailing list -- [email protected] To unsubscribe 
send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
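
Added example, not part of the original thread and not SSSD's own code: a small shell audit that reads group-format lines and lists every GID claimed by more than one group name, which is the condition behind the duplicate GID error described in the message above. The function name, the group names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# dup_gids: read group(5)-format lines (name:passwd:gid:members) on stdin and
# print one line per GID that is claimed by more than one distinct group name:
#   <gid> <name1>,<name2>,...
dup_gids() {
    awk -F: '
        NF >= 3 && $3 ~ /^[0-9]+$/ {
            name = $1
            # Tolerate stray whitespace around the name, as in the output above.
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            # The same name seen twice for one GID is not a collision.
            if (seen[$3, name]++) next
            names[$3] = (names[$3] == "" ? name : names[$3] "," name)
            count[$3]++
        }
        END {
            for (gid in count)
                if (count[gid] > 1) print gid, names[gid]
        }
    ' | sort -n
}

# Constructed sample input: two "split" groups sharing GID 1234, two service
# groups sharing GID 3000, one unique group, and one repeated line.
SAMPLE='splitgrp1 :*:1234:alice,bob
splitgrp2 :*:1234:carol
staff:*:2000:dave
svc1:*:3000:
svc2:*:3000:erin
splitgrp1 :*:1234:alice,bob'

# Run against the sample; on a host, pipe group-format lines in instead,
# for example: getent group | dup_gids
printf '%s\n' "$SAMPLE" | dup_gids
```

With SSSD, `getent group` without an argument only lists domain groups when enumeration is enabled, so on a host like the one described the input may need to come from a directory export converted to the same format.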