Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1435662

Summary: With multiple subdomain sections id command output for user is not displayed for both domains
Product: [Fedora] Fedora Reporter: Sudhir Menon <sumenon>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: abokovoy, jhrozek, lslebodn, mzidek, pbrezina, rharwood, sbose, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.15.3-1.fc26 sssd-1.15.3-1.fc24 sssd-1.15.3-1.fc25 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1441545 (view as bug list) Environment:
Last Closed: 2017-07-31 06:24:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1441545    

Description Sudhir Menon 2017-03-24 13:40:58 UTC
Description of problem: With multiple subdomain section having ldap_search_base and ldap_user_search_base id command returns only for one domain.


Version-Release number of selected component (if applicable):
freeipa-server-4.4.3-2.fc25.x86_64
freeipa-server-dns-4.4.3-2.fc25.noarch
freeipa-server-trust-ad-4.4.3-2.fc25.x86_64
freeipa-server-common-4.4.3-2.fc25.noarch
sssd-1.15.2-1.fc25.x86_64
samba-4.5.6-0.fc25.x86_64
krb5-server-1.14.4-4.fc25.x86_64

How reproducible: Always

Steps to Reproduce:
1. Install IPA Server
2. Ensure IPA server have trust established with two AD domains.(pne.qe and ptb.qe in this case)
3. create a OU named sales with user test1
4. create a OU named sales with user test1 
5. Edit the sssd.conf on IPA server to include two subdomain sections.

[domain/testqe.test/pne.qe]
debug_level = 9
ad_server = win1.pne.qe
ldap_search_base = dc=pne,dc=qe
ldap_user_search_base = ou=sales,dc=pne,dc=qe

[domain/testqe.test/ptb.qe]
debug_level = 9
ad_server = apache.ptb.qe
ldap_search_base = dc=ptb,dc=qe
ldap_user_search_base = ou=sales,dc=ptb,dc=qe

Actual results:
id command displays output for only one domain, it doesn't display for other domain.

[root@fedora sssd]# id test1
uid=1261601512(test1) gid=1261601512(test1) groups=1261601512(test1),1261600513(domain users)

[root@fedora sssd]# id test1
id: ‘test1’: no such user

Expected results:
id test should display the result.

Additional info:

Comment 4 Michal Zidek 2017-03-24 13:49:03 UTC
Just a note (not related to the bug).

The options debug_level is not supported for the subdomain section (it always uses the same dabug_level as the main domain section), so you can delete it from the sssd.conf in the test.

Michal

Comment 5 Lukas Slebodnik 2017-03-30 11:49:08 UTC
Upstream ticket:
https://pagure.io/SSSD/sssd/issue/3351

Comment 6 Lukas Slebodnik 2017-05-02 11:05:23 UTC
master:
* 4c49edbd8df651b1737c59459637962c117212c6

Comment 7 Fedora Update System 2017-07-25 15:13:16 UTC
sssd-1.15.3-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-71a2efaa80

Comment 8 Fedora Update System 2017-07-25 15:13:57 UTC
sssd-1.15.3-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-91b708222e

Comment 9 Fedora Update System 2017-07-25 15:42:37 UTC
sssd-1.15.3-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-3692a58167

Comment 10 Fedora Update System 2017-07-26 23:52:12 UTC
sssd-1.15.3-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-3692a58167

Comment 11 Fedora Update System 2017-07-27 00:23:22 UTC
sssd-1.15.3-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-91b708222e

Comment 12 Fedora Update System 2017-07-27 02:52:05 UTC
sssd-1.15.3-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-71a2efaa80

Comment 13 Fedora Update System 2017-07-31 06:24:47 UTC
sssd-1.15.3-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2017-08-07 01:20:18 UTC
sssd-1.15.3-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2017-08-10 21:26:01 UTC
sssd-1.15.3-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.