SSSD LDAP authentication fails with id_provider as proxy

Bug #1519086 reported by Jacob on 2015-11-23
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sssd (Ubuntu)
Medium
Unassigned
Trusty
Medium
Unassigned

Bug Description

With the SSSD package provided in Ubuntu 14.04, when using ldap as an authentication provider but configuring the id provider to proxy, SSSD fails to connect via LDAP. This error was brought up on the following serverfault question in an answer by user jhrozek.

https://serverfault.com/questions/737130/sssd-for-ldap-user-authentication-only-just-bind-on-ubuntu-local-databases-fo

This bug has been found and patched so I feel I don't need to go into a lot of detail, but it's a simple enough fix that I would like to request the patch be pulled into the current release to work with Ubuntu 14.04 since 16.04 is not yet stable for production deployments.

More information on the patch: https://fedorahosted.org/sssd/ticket/2620

Release: 14.04.3
Package Version: 1.11.5-1ubuntu3

Expected Behavior: Query user in LDAP for attributes objectclass and uid, then successfully bind that user via LDAP to authenticate.

Actual Behavior: Upon calling ldap_search_ext, generates error message in logs that LDAP connection is not connected

Jacob (jacobcase94) on 2015-11-23
description: updated
Timo Aaltonen (tjaalton) wrote :

fixed in 1.13

Changed in sssd (Ubuntu):
status: New → Fix Released

Hello Jacob, or anyone else affected,

Accepted sssd into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sssd/1.11.8-0ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in sssd (Ubuntu Trusty):
status: New → Fix Committed
tags: added: verification-needed
Martin Pitt (pitti) wrote :

Hello Jacob, or anyone else affected,

Accepted sssd into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sssd/1.11.8-0ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Timo Aaltonen (tjaalton) wrote :

please test the package on trusty-proposed

Jacob (jacobcase94) wrote :

Hi Timo,

I don't currently work in the corporate environment where this bug affected me anymore so it will be difficult to test. That said, I'll see what I can do this week/weekend. I might need to try and replicate and environment.

Thanks!

Timo Aaltonen (tjaalton) wrote :

that's fine, and since this patch was identified upstream and pulled into the stable release which has been out for a long time now I'll just mark this one verified so that the new version can be released at last

tags: added: verification-done
removed: verification-needed
Changed in sssd (Ubuntu):
importance: Undecided → Medium
Changed in sssd (Ubuntu Trusty):
importance: Undecided → Medium

The verification of the Stable Release Update for sssd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sssd - 1.11.8-0ubuntu0.2

---------------
sssd (1.11.8-0ubuntu0.2) trusty; urgency=medium

  * control: Drop check from build-depends (ftbfs).

sssd (1.11.8-0ubuntu0.1) trusty; urgency=medium

  * New upstream bugfix release. (LP: #1443802, #1453253, #1456498,
    #1578191, #1585698)
    - fix-samba4-crash.patch: Dropped, upstream.
    - sssd-dbus: Add a new subpackage for the D-Bus responder.
    - sssd-common.install, sssd-dbus.install: Add new sss_signal helper
      and the dbus service using it.
  * fix-upstream-2620.diff: Set sdap handle as explicitly connected in
    LDAP auth. (LP: #1519086)
  * debian/patches/AD-*.diff: Prefer site-local-DCs in LDAP ping, thanks
    Jorge Niedbalski! (LP: #1587988)

 -- Timo Aaltonen <email address hidden> Thu, 30 Jun 2016 23:51:51 +0300

Changed in sssd (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers