sssd_be crashing with nested ldap groups

Aaron Bliss abliss at brockport.edu
Tue May 14 13:36:13 UTC 2013 

Hi all,
Apologies for the confusion.  Our fully patched boxes are running the 
following rpm versions:

sssd-1.9.2-82.7.el6_4.x86_64
sssd-client-1.9.2-82.7.el6_4.x86_64

So the issue was introduced sometime between sssd-1.9.2-82.el6.x86_64 
and sssd-1.9.2-82.7.el6_4.x86_64.

Aaron
On 5/14/2013 9:07 AM, Aaron Bliss wrote:
> Hi all,
> I have several fully patched RedHat boxes (20 or more), with the 
> following sssd rpms installed:
>
> sssd-client-1.9.2-82.4.el6_4.x86_64
> sssd-1.9.2-82.4.el6_4.x86_64
>
> Whenever a lookup is done (for example opening an SSH session or 
> running groups username) to figure out a users' group membership and 
> that particular user is a member of a ldap group that is nested in 
> another ldap group, sssd_be aborts with the following logged to 
> /var/log/messages:
>
> kernel: sssd_be[32294]: segfault at 0 ip (null) sp 00007fff4a2f2eb8 
> error 14 in sssd_be[400000+87000]
>
> I do make use of the ldap_schema = rfc2307bis and ldap_group_member = 
> uniqueMember options, as our ldap provider is Oracle Enterprise 
> Directory Server (formally Sun Directory Server).
>
> I have also confirmed that this issue was introduced with an update to 
> sssd released sometime after sssd-1.9.2-82.el6.x86_64, as in order to 
> further troubleshoot this, I did a clean build of a RedHat 6.4 client, 
> used the exact same /etc/sssd/sssd.conf file and have yet to have any 
> trouble with the sssd daemon crashing.
>
> While I can avoid the issue by not updating the sssd* rpm's and the 
> dependent rpm's, I'm assuming that this is something that the sssd 
> developers or RedHat would want to be aware of, since it's doubtful 
> that I'm the only one experiencing this issue.  Note that I can't 
> submit a support ticket directly to RedHat, as we don't have support 
> for our RedHat subscriptions (as an edu, we have the update only 
> subscriptions without technical support).
>
> I'm not sure if this is the proper list to post such issue and if not, 
> please direct me to a better source or let me know if any further 
> information is needed to look into this issue.
>
> Aaron Bliss
> Systems Administrator
> SUNY Brockport
> (585) 395-2417
>
>

More information about the redhat-list mailing list