Hi Jakub, You wrote: > Without the SSSD logs it's hard to tell for certain, but I suspect this is > caused by enumerate=True in the sssd.conf config file.
If I comment out "enumerate = True" then the behavior is the same except that even after restarting sssd, "getent group domadmins" continues to fail to list the user even after ten seconds. root@ellen:/# getent group domadmins domadmins:*:512:bar,foo root@ellen:/# su -c pwd foo / root@ellen:/# getent group domadmins domadmins:*:512:bar root@ellen:/# restart sssd sssd start/running, process 5154 root@ellen:/# date ; getent group domadmins Wed Sep 12 00:42:14 CEST 2012 domadmins:*:512:bar root@ellen:/# date ; getent group domadmins Wed Sep 12 00:43:16 CEST 2012 domadmins:*:512:bar (Please note that "su -c pwd foo" doesn't open a new interactive shell; it just executes the pwd command in a short-lived shell process owned by foo.) > Also, is there a particular reason to use enumerate=True? Well, the bug is worse without it than with it. :) Without it, sssd fails to remember that foo is a member of domadmins even after it's restarted. > The reason why the groups seemingly appear after about > ten seconds is that after the SSSD provider starts up, > the enumerate task is scheduled. In general, it *should* > block the NSS operations until the initial enumeration > has completed, though. It doesn't block. If you think that this is a bug then please file a report. :) > Is the behaviour reproducable within a single SSSD session? > In other words, if you log in after the ten seconds have passed > and the getent command reports correct group memberships, > does "groups" still show wrong membership? With "enumerate = true", after sssd has been restarted and ten seconds have passed, "getent group domadmins" reports foo as a member and "groups foo" shows domadmins as one of foo's groups. Before ten seconds have passed "getent group domadmins" does not show foo as a member and "groups foo" does not show domadmins as one of foo's groups. The getent and groups commands have always been consistent with each other so far as I have seen during my testing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1049186 Title: sssd forgets group memberships of foo when foo logs in; remembers them after ten seconds after restarting sssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1049186/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
