sssd_be crashing with nested ldap groups
Aaron Bliss
abliss at brockport.edu
Tue May 14 13:36:13 UTC 2013
Hi all,
Apologies for the confusion. Our fully patched boxes are running the
following rpm versions:
sssd-1.9.2-82.7.el6_4.x86_64
sssd-client-1.9.2-82.7.el6_4.x86_64
So the issue was introduced sometime between sssd-1.9.2-82.el6.x86_64
and sssd-1.9.2-82.7.el6_4.x86_64.
Aaron
On 5/14/2013 9:07 AM, Aaron Bliss wrote:
> Hi all,
> I have several fully patched RedHat boxes (20 or more), with the
> following sssd rpms installed:
>
> sssd-client-1.9.2-82.4.el6_4.x86_64
> sssd-1.9.2-82.4.el6_4.x86_64
>
> Whenever a lookup is done (for example opening an SSH session or
> running groups username) to figure out a users' group membership and
> that particular user is a member of a ldap group that is nested in
> another ldap group, sssd_be aborts with the following logged to
> /var/log/messages:
>
> kernel: sssd_be[32294]: segfault at 0 ip (null) sp 00007fff4a2f2eb8
> error 14 in sssd_be[400000+87000]
>
> I do make use of the ldap_schema = rfc2307bis and ldap_group_member =
> uniqueMember options, as our ldap provider is Oracle Enterprise
> Directory Server (formally Sun Directory Server).
>
> I have also confirmed that this issue was introduced with an update to
> sssd released sometime after sssd-1.9.2-82.el6.x86_64, as in order to
> further troubleshoot this, I did a clean build of a RedHat 6.4 client,
> used the exact same /etc/sssd/sssd.conf file and have yet to have any
> trouble with the sssd daemon crashing.
>
> While I can avoid the issue by not updating the sssd* rpm's and the
> dependent rpm's, I'm assuming that this is something that the sssd
> developers or RedHat would want to be aware of, since it's doubtful
> that I'm the only one experiencing this issue. Note that I can't
> submit a support ticket directly to RedHat, as we don't have support
> for our RedHat subscriptions (as an edu, we have the update only
> subscriptions without technical support).
>
> I'm not sure if this is the proper list to post such issue and if not,
> please direct me to a better source or let me know if any further
> information is needed to look into this issue.
>
> Aaron Bliss
> Systems Administrator
> SUNY Brockport
> (585) 395-2417
>
>
More information about the redhat-list
mailing list