Hi,
I'm experiencing an issue with SSSD 1.11.5 running on Ubuntu 12.04.5 LTS. It's using the AD provider, pointing to AD servers with POSIX groups configured (ldap_id_mapping = False).
The issue I'm experiencing is that all of a user's groups vanish from "id" and "groups" after several hours (appears to be 8-12 hours), except for his/her login group.
sss_cache -E doesn't fix it.
Restarting SSSD doesn't fix it.
However, stopping SSSD, removing /var/lib/sss/db/*, and restarting SSSD does fix it.
After manually removing the cache files in the DB dir, SSSD will then see all of a user's groups until several hours pass, then, again, all but his login group will vanish until the files are removed and SSSD restarted again.
Is this a known issue, perhaps a bug fixed in some future version?
BTW, if you're wondering, the SSSD version I'm using is a backport of 1.11.5 found here in this PPA: https://launchpad.net/~sssd/+archive/ubuntu/updates
This is how I'm able to use the AD provider with Ubuntu 12. I know it's not supported, etc. I'm just looking for any insights or suggestions, or whether a known bug exists for this version that exhibits this "vanishing groups" behavior.
TIA,
- Jim
Given what you're describing I would suspect that enumeration is set to "true" and the cache is being overwhelmed cyclically.
Just a thought,
-- lawrence
On Fri, May 31, 2019 at 2:09 PM Jim Burwell jimb@jsbc.cc wrote:
Hi,
I'm experiencing an issue with SSSD 1.11.5 running on Ubuntu 12.04.5 LTS. It's using the AD provider, pointing to AD servers with POSIX groups configured (ldap_id_mapping = False).
The issue I'm experiencing is that all of a user's groups vanish from "id" and "groups" after several hours (appears to be 8-12 hours), except for his/her login group.
sss_cache -E doesn't fix it.
Restarting SSSD doesn't fix it.
However, stopping SSSD, removing /var/lib/sss/db/*, and restarting SSSD does fix it.
After manually removing the cache files in the DB dir, SSSD will then see all of a user's groups until several hours pass, then, again, all but his login group will vanish until the files are removed and SSSD restarted again.
Is this a known issue, perhaps a bug fixed in some future version?
BTW, if you're wondering, the SSSD version I'm using is a backport of 1.11.5 found here in this PPA: https://launchpad.net/~sssd/+archive/ubuntu/updates
This is how I'm able to use the AD provider with Ubuntu 12. I know it's not supported, etc. I'm just looking for any insights or suggestions, or whether a known bug exists for this version that exhibits this "vanishing groups" behavior.
TIA,
- Jim
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
No. It isn't. "enumerate" is at default, which is false. Having enumeration on slows things down. In fact I have "ignore_group_members = true" to speed things up even more.
The domain LDB cache file isn't even that big. Less than 100 entries.
Thanks for your thoughts though.
This is a really odd problem only happening on a few boxes. I suspect a bug in the release I'm running, but I wanted to try to verify it.
- Jim
On 2019-05-31 12:44, Lawrence Kearney wrote:
Given what you're describing I would suspect that enumeration is set to "true" and the cache is being overwhelmed cyclically.
Just a thought,
-- lawrence