On Fri, May 06, 2016 at 03:04:42PM +0200, Jakub Hrozek wrote: > To reproduce, just run: > getent netgroup some_name@trusted.domain > > Please see the commit message for explanation. The other solution would > be the other way around, ie always go to the code that handles lookups > for trusted domains and shortcut if the lookup is for anything else than > a user or a group.
> From 18cbf559addfeb77ad83b81e23431295a3e5c6ae Mon Sep 17 00:00:00 2001 > From: Jakub Hrozek <jhro...@redhat.com> > Date: Fri, 6 May 2016 15:02:19 +0200 > Subject: [PATCH] IPA: Handle requests for netgroups from trusted domains > gracefully > > In ipa_account_info_handler we first check if the request is for a user > from a trusted domain and go that way for all request types. In > contrast, in the ipa_account_info_done we first check if the requested > object is a netgroup. If both are true, we first start a subdomain > lookup send but then call netgroup lookup recv, which results in talloc > type mismatch and crashes sssd_be. > > Resolves: > https://fedorahosted.org/sssd/ticket/3007 FWIW, the reporter also confirmed this patch works for them. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org