sssd-ldap breaks automount on bionic

Bug #1767886 reported by Jens Elkner
This bug affects 1 person
Affects: Release Notes for Ubuntu; Status: Fix Released; Importance: Undecided; Assigned to: Andreas Hasenack
Affects: sssd (Ubuntu); Status: Invalid; Importance: Medium; Assigned to: Andreas Hasenack

Bug Description

sssd in bionic (1.16.1) breaks automounting because it neither follows RFC 2307bis-02 nor obeys sssd.conf settings like:

ldap_schema = rfc2307
ldap_autofs_map_object_class = automountMap
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey

On xenial sssd (1.13.4 with the same sssd.conf and ldap server) automounting works as expected. The related queries/results from a xenial and a bionic client show the difference:

bionic:
-------
[29/Apr/2018:23:52:10 +0200] SEARCH REQ conn=497767 op=3 msgID=4 base="ou=my,o=org" scope=singleLevel filter="(&(automountMapName=auto_master)(objectclass=automountMap))" attrs="objectClass,automountMapName"
[29/Apr/2018:23:52:10 +0200] SEARCH RES conn=497767 op=3 msgID=4 result=0 nentries=1 etime=1
[29/Apr/2018:23:52:10 +0200] SEARCH REQ conn=497767 op=4 msgID=5 base="automountMapName=auto_master,ou=my,o=org" scope=singleLevel filter="(&(automountKey=*)(objectclass=nisObject))" attrs="objectClass,automountKey,nisMapEntry"
[29/Apr/2018:23:52:10 +0200] SEARCH RES conn=497767 op=4 msgID=5 result=0 nentries=0 etime=0
...
[29/Apr/2018:23:53:01 +0200] SEARCH REQ conn=497767 op=6 msgID=7 base="ou=my,o=org" scope=singleLevel filter="(&(automountMapName=auto_home)(objectclass=automountMap))" attrs="objectClass,automountMapName"
[29/Apr/2018:23:53:01 +0200] SEARCH RES conn=497767 op=6 msgID=7 result=0 nentries=1 etime=1
[29/Apr/2018:23:53:01 +0200] SEARCH REQ conn=497767 op=7 msgID=8 base="automountMapName=auto_home,ou=my,o=org" scope=singleLevel filter="(&(automountKey=*)(objectclass=nisObject))" attrs="objectClass,automountKey,nisMapEntry"
[29/Apr/2018:23:53:01 +0200] SEARCH RES conn=497767 op=7 msgID=8 result=0 nentries=0 etime=1

xenial:
-------
[29/Apr/2018:23:20:51 +0200] SEARCH REQ conn=496782 op=2 msgID=3 base="ou=my,o=org" scope=singleLevel filter="(&(automountMapName=auto_master)(objectclass=automountMap))" attrs="objectClass,automountMapName"
[29/Apr/2018:23:20:51 +0200] SEARCH RES conn=496782 op=2 msgID=3 result=0 nentries=1 etime=0
[29/Apr/2018:23:20:51 +0200] SEARCH REQ conn=496782 op=3 msgID=4 base="automountMapName=auto_master,ou=my,o=org" scope=singleLevel filter="(&(automountKey=*)(objectclass=automount))" attrs="objectClass,automountKey,automountInformation"
[29/Apr/2018:23:20:51 +0200] SEARCH RES conn=496782 op=3 msgID=4 result=0 nentries=5 etime=2
...
[29/Apr/2018:23:21:49 +0200] SEARCH REQ conn=496782 op=8 msgID=9 base="ou=my,o=org" scope=singleLevel filter="(&(automountMapName=auto_home)(objectclass=automountMap))" attrs="objectClass,automountMapName"
[29/Apr/2018:23:21:49 +0200] SEARCH RES conn=496782 op=8 msgID=9 result=0 nentries=1 etime=1
[29/Apr/2018:23:21:49 +0200] SEARCH REQ conn=496782 op=9 msgID=10 base="automountMapName=auto_home,ou=my,o=org" scope=singleLevel filter="(&(automountKey=*)(objectclass=automount))" attrs="objectClass,automountKey,automountInformation"
[29/Apr/2018:23:21:49 +0200] SEARCH RES conn=496782 op=9 msgID=10 result=0 nentries=218 etime=25

Andreas Hasenack (ahasenack) wrote :

You want to use the RFC2307bis-02 schema for automount, but the RFC2307 (non-bis) schema for the rest, is that correct?

Jens Elkner (jelmd) wrote :

Yes, correct.

Andreas Hasenack (ahasenack) wrote :

The defaults for unspecified ldap_autofs_* settings changed between 1.15 and 1.16 it seems.

Here is a diff between the autofs section of the sssd-ldap page: https://pastebin.ubuntu.com/p/PJc5B9gwdr/

There are two settings for the map entry, and 3 for the autofs entry. You specified the rfc2307 schema, and just 3 out of the 5 specific object class and attribute overrides, leaving 2 to assume their default values for that schema type:

ldap_schema = rfc2307
# yours:
ldap_autofs_map_object_class = automountMap
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
# assumed default values when using rfc2307
ldap_autofs_entry_value = nisMapEntry
ldap_autofs_entry_object_class = nisObject

If you fix your config like this, it will work:
# your existing settings (sssd.conf does not support inline comments, so comments go on their own lines)
ldap_autofs_map_object_class = automountMap
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
# new settings
ldap_autofs_entry_value = automountInformation
ldap_autofs_entry_object_class = automount

I tested it with these automount entries: https://pastebin.ubuntu.com/p/z8fM4tvCzK/

Please let me know how it goes. If confirmed, I'll add an entry to the bionic release notes about this.
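An added example (not part of the original thread and not sssd code): a small checker that computes the effective autofs attribute mapping for a domain and rebuilds the entry filter seen in the server logs, which makes a mixed-schema configuration like the one above visible before a release upgrade. The domain name `example`, the function names, and the `nisMap`/`nisMapName`/`cn` defaults are assumptions (the last three taken from sssd-ldap(5) for the ldap provider, not from this page).

```python
import configparser

# Per-schema defaults for the five autofs options: (rfc2307, other schemas).
# nisObject and nisMapEntry are quoted in the thread; the remaining values
# are assumed from sssd-ldap(5).
DEFAULTS = {
    "ldap_autofs_map_object_class": ("nisMap", "automountMap"),
    "ldap_autofs_map_name": ("nisMapName", "automountMapName"),
    "ldap_autofs_entry_object_class": ("nisObject", "automount"),
    "ldap_autofs_entry_key": ("cn", "automountKey"),
    "ldap_autofs_entry_value": ("nisMapEntry", "automountInformation"),
}

# Constructed sample: the reporter's three overrides in a hypothetical domain.
SAMPLE = """\
[domain/example]
ldap_schema = rfc2307
ldap_autofs_map_object_class = automountMap
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
"""

def effective_autofs(conf_text, domain):
    """Return (effective values, set of explicitly configured options)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp["domain/" + domain]
    schema = sec.get("ldap_schema", fallback="rfc2307").lower()
    idx = 0 if schema == "rfc2307" else 1
    eff = {opt: sec.get(opt, fallback=pair[idx]) for opt, pair in DEFAULTS.items()}
    return eff, {opt for opt in DEFAULTS if opt in sec}

def entry_filter(eff):
    """LDAP filter for map entries, in the form seen in the server logs."""
    return "(&({}=*)(objectclass={}))".format(
        eff["ldap_autofs_entry_key"], eff["ldap_autofs_entry_object_class"])

def options_to_set(conf_text, domain):
    """Options left at a default when the result mixes both schema families."""
    eff, explicit = effective_autofs(conf_text, domain)
    nis = any(eff[o] == DEFAULTS[o][0] for o in eff)
    bis = any(eff[o] == DEFAULTS[o][1] for o in eff)
    return sorted(o for o in eff if o not in explicit) if nis and bis else []

if __name__ == "__main__":
    eff, _ = effective_autofs(SAMPLE, "example")
    print(entry_filter(eff))
    print(options_to_set(SAMPLE, "example"))
```
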

Andreas Hasenack (ahasenack) wrote :

Sorry, the defaults changed in 1.14, not 1.15, I thought xenial had 1.15.

This is the upstream bug that introduced the change: https://pagure.io/SSSD/sssd/issue/2858

It was fixed in 1.14, so post-xenial.

Andreas Hasenack (ahasenack) wrote :

I updated the Bionic release notes: https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#SSSD

Changed in sssd (Ubuntu):
status: New → Triaged
assignee: nobody → Andreas Hasenack (ahasenack)
Andreas Hasenack (ahasenack) wrote :

Setting to incomplete pending confirmation from the reporter that the issue was the change in default values.

Changed in sssd (Ubuntu):
importance: Undecided → Medium
status: Triaged → Incomplete
Jens Elkner (jelmd) wrote :

Yes, this (the missing entries) fixed the problem (used 'ldap_autofs_entry_value = automountInformation') as mentioned in the URLs you gave.

Thanx a lot :) ,
jel.

Andreas Hasenack (ahasenack) wrote :

I'll mark the sssd task as invalid, since the software is working as intended.

I added a release notes task to record what we did, and marked it as fix released since the change is live already.

Thanks again for reporting this bug and helping make ubuntu better!

Changed in ubuntu-release-notes:
status: New → Fix Released
Changed in sssd (Ubuntu):
status: Incomplete → Invalid
Changed in ubuntu-release-notes:
assignee: nobody → Andreas Hasenack (ahasenack)