URL: https://github.com/SSSD/sssd/pull/543 Author: jhrozek Title: #543: SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/543/head:pr543 git checkout pr543
From efc548b4e45f60c1044bfc523853537a2e629616 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Fri, 23 Mar 2018 13:40:34 +0100 Subject: [PATCH] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 Resolves: https://pagure.io/SSSD/sssd/issue/3684 If the cleanup task removes a user who was a fully resolved member (not a ghost), but then the group the user was a member of is requested, unless the group had changed, the user doesn't appear as a member of the group again. This is because the modify timestamp would prevent the group from updating and therefore the ghost attribute is not readded. To mitigate this, let's also set the originalModifyTimestamp attribute to 1, so that we never take the optimized path while updating the group.
---
 src/db/sysdb_ops.c | 13 ++++++++++++
 src/tests/intg/test_ldap.py | 51 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index cc86a114e..09aa04a29 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -5410,6 +5410,19 @@ errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom,
 goto done;
 }

+ ret = ldb_msg_add_empty(msg, SYSDB_ORIG_MODSTAMP,
+ LDB_FLAG_MOD_REPLACE, NULL);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+
+ ret = ldb_msg_add_string(msg, SYSDB_ORIG_MODSTAMP, "1");
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+
 ret = ldb_modify(dom->sysdb->ldb, msg);
 if (ret != LDB_SUCCESS) {
 ret = sysdb_error_to_errno(ret);
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index 2d95d2549..671bf2fb9 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
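Review bot: The literal `"1"` written to `SYSDB_ORIG_MODSTAMP` in the added lines of `sysdb_mark_entry_as_expired_ldb_dn` is an undocumented sentinel; nothing in the code says why the stored timestamp is overwritten, so a later cleanup could drop it and silently bring back stale group membership. A comment above the first added call would record the intent, for example `/* Reset the stored modify timestamp so the next refresh cannot skip the update as "unchanged" */`. Judging by its name the function is called for any entry DN, so the timestamp is presumably reset for users as well as groups, which is worth stating if intended. The function body starts and ends outside the hunk, so it is not visible here whether a separate timestamp cache keeps its own copy of this attribute; that should be confirmed.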
@@ -434,6 +434,57 @@ def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
 dict(mem=ent.contains_only("user1")))


+@pytest.fixture
+def update_ts_after_cleanup_task(request, ldap_conn):
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ ent_list.add_user("user1", 1001, 2001)
+ ent_list.add_user("user2", 1002, 2001)
+
+ ent_list.add_group_bis("group1", 2001, ["user1", "user2"])
+
+ create_ldap_fixture(request, ldap_conn, ent_list)
+
+ conf = \
+ format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
+ unindent("""
+ [domain/LDAP]
+ ldap_purge_cache_timeout = 3
+ """).format(**locals())
+ create_conf_fixture(request, conf)
+ create_sssd_fixture(request)
+ return None
+
+
+def test_update_ts_cache_after_cleanup_task(ldap_conn,
+ update_ts_after_cleanup_task):
+ """
+ Regression test for ticket:
+ https://fedorahosted.org/sssd/ticket/2676
+ """
+ ent.assert_group_by_name(
+ "group1",
+ dict(mem=ent.contains_only("user1", "user2")))
+
+ ent.assert_passwd_by_name(
+ 'user1',
+ dict(name='user1', passwd='*', uid=1001, gid=2001,
+ gecos='1001', shell='/bin/bash'))
+
+ ent.assert_passwd_by_name(
+ 'user2',
+ dict(name='user2', passwd='*', uid=1002, gid=2001,
+ gecos='1002', shell='/bin/bash'))
+
+ if subprocess.call(["sss_cache", "-u", "user1"]) != 0:
+ raise Exception("sssd_cache failed")
+
+ time.sleep(6)
+
+ ent.assert_group_by_name(
+ "group1",
+ dict(mem=ent.contains_only("user1", "user2")))
+
+
 @pytest.fixture
 def blank_rfc2307(request, ldap_conn):
 """Create blank RFC2307 directory fixture with interactive SSSD conf"""
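Review bot: The docstring of `test_update_ts_cache_after_cleanup_task` cites `https://fedorahosted.org/sssd/ticket/2676`, while the commit message says the change resolves `https://pagure.io/SSSD/sssd/issue/3684`; the reference looks carried over from another test and should name the issue this test actually guards. The failure message `"sssd_cache failed"` does not match the command that is run, so it should read `raise Exception("sss_cache failed")`. `time.sleep(6)` depends on `ldap_purge_cache_timeout = 3` in the fixture without saying so; a comment such as `# wait long enough for the cleanup task to run (purge timeout is 3 s)` would make the coupling explicit. `.format(**locals())` is applied to a string with no placeholders and can be dropped.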