The way the code is currently written is, if there is a duplicate:
- check if the "new" group has the same SID, uniqueID or original DN
as the "old" one
- yes, same: this is a rename, allow
- no, different: this is a duplicate, error
I'm not clear on the start of this flow - what is meant by "if there is a
duplicate"?
What I see on the affected system is e.g.:
getent group abcd..1
abcd..1 :*:1234:<userlist for abcd..1>
getent group 1234
(returns same entry as for abcd..1)
Oddly, if I then:
getent group abcd..2
abcd..2 :*:1234:<userlist for abcd..2>
getent group 1234
(returns same entry as for abcd..1 - not abcd..2)
However, at some point the cache gets into a state whereby:
getent group 1234
(returns empty result and also the duplicate GID error message in system log)
a subsequent "getent group abcd..N" will also generally return the empty result.
However if I script a getent of every suffixed group, each time followed by a getent of
the GID, eventually it "kicks loose" and reverts to the initial state. It
doesn't last very long however. General system activity seems to return it to the
"stuck cache" before too long. Since we have multiple split groups, this can be
happening simultaneously for multiple groups.
Gareth
-----Original Message-----
From: Jakub Hrozek [mailto:jhrozek@redhat.com]
Sent: Monday, September 24, 2018 10:59 AM
To: sssd-users(a)lists.fedorahosted.org
Subject: [SSSD-users] Re: Issues with SSSD cache on version 1.13.4
On Mon, Sep 24, 2018 at 10:22:35AM -0400, Simo Sorce wrote:
> btw it’s a good question to ask why isn’t the check done on
saving
> the group. I thought it was and I see code that checks for ID
> uniqueness and even a test..
In current code, saving would override data as if the group was
renamed changed I think ?
The way the code is currently written is, if there is a duplicate:
- check if the "new" group has the same SID, uniqueID or original DN
as the "old" one
- yes, same: this is a rename, allow
- no, different: this is a duplicate, error
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email
to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...