LDAP ping doesn't prefers site-local DCS

Bug #1587988 reported by Jorge Niedbalski on 2016-06-01
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sssd (Ubuntu)
Medium
Unassigned
Trusty
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
Yakkety
Medium
Unassigned

Bug Description

[Description]

If an active directory domain has any domain controllers defined that are not accesible
from a specific location, then sssd should prefer site-local DCs in LDAP ping.

This behavior has been fixed on upstream via:
https://git.fedorahosted.org/cgit/sssd.git/commit/?id=a1c6869c67fcf4971ac843315b97bf46893ca92d

[Reproduction]

[Possible regressions]

* None identified

Changed in sssd (Ubuntu):
status: New → Fix Released
importance: Undecided → High
tags: added: sts-needs-review
Timo Aaltonen (tjaalton) wrote :

fixed in 1.13.4 which is in xenial

and I'd say "screw wily" at this point..

Changed in sssd (Ubuntu Xenial):
status: New → Fix Released
Timo Aaltonen (tjaalton) wrote :

On which release did you bump into this? The upstream commit is not directly backportable to 1.11.x in trusty, btw.

Timo Aaltonen (tjaalton) wrote :

(fails to build)

Jorge Niedbalski (niedbalski) wrote :
Changed in sssd (Ubuntu Trusty):
importance: Undecided → High
Timo Aaltonen (tjaalton) wrote :

Thanks, fwiw the upload queue has 1.11.8-0ubuntu0.1 which noone has dared to accept yet. It doesn't fix this though

Timo Aaltonen (tjaalton) wrote :

I've added the patches and uploaded a new version to trusty queue

Changed in sssd (Ubuntu Trusty):
status: New → In Progress

Hello Jorge, or anyone else affected,

Accepted sssd into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sssd/1.11.8-0ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in sssd (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed
Martin Pitt (pitti) wrote :

Hello Jorge, or anyone else affected,

Accepted sssd into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sssd/1.11.8-0ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Timo Aaltonen (tjaalton) wrote :

still needs to be tested..

Leonardo Borda (lborda) wrote :

Hi Timo,

As per the comment #9 the packages should be in -proposed but they are not there. I can see them in https://launchpad.net/ubuntu/+source/sssd/1.11.8-0ubuntu0.2/+build/10197654 though...

Can you make it available in -proposed ?

Leo

Timo Aaltonen (tjaalton) wrote :

oh you're right, it adds a new binary package so it's stuck in the NEW queue now.. I can't do anything about that myself

Leonardo Borda (lborda) wrote :

the proposed packages fix the site discovery issue however we still cannot get the packages from http://archive.ubuntu.com/ubuntu/pool/universe/s/sssd/.

Adam Conrad (adconrad) on 2016-08-01
Changed in sssd (Ubuntu Wily):
status: New → Won't Fix
Jorge Niedbalski (niedbalski) wrote :

The package in the -proposed archive fixes the issue with SSSD now it properly discovers both servers by setting the ad_site option directive.

tags: added: verification-done
removed: sts-needs-review verification-needed
Leonardo Borda (lborda) wrote :

Still sitting in trusty-proposed can we proceed on making available for trusty ?

The package in the -proposed archive fixes the issue with SSSD.

$ rmadison sssd |grep trusty
 sssd | 1.11.5-1ubuntu3 | trusty | source, amd64, arm64, armhf, i386, powerpc, ppc64el
 sssd | 1.11.8-0ubuntu0.2 | trusty-proposed | source, amd64, arm64, armhf, i386, powerpc, ppc64el

Timo Aaltonen (tjaalton) wrote :

right, it's been there for a long while now, I've now verified the two unverified bugs that the new version should fix, so this should allow the package to move to updates

Changed in sssd (Ubuntu Wily):
importance: Undecided → High
Changed in sssd (Ubuntu Xenial):
importance: Undecided → High
Changed in sssd (Ubuntu Yakkety):
importance: High → Medium
Changed in sssd (Ubuntu Wily):
importance: High → Medium
Changed in sssd (Ubuntu Xenial):
importance: High → Medium
Changed in sssd (Ubuntu Trusty):
importance: High → Medium

The verification of the Stable Release Update for sssd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sssd - 1.11.8-0ubuntu0.2

---------------
sssd (1.11.8-0ubuntu0.2) trusty; urgency=medium

  * control: Drop check from build-depends (ftbfs).

sssd (1.11.8-0ubuntu0.1) trusty; urgency=medium

  * New upstream bugfix release. (LP: #1443802, #1453253, #1456498,
    #1578191, #1585698)
    - fix-samba4-crash.patch: Dropped, upstream.
    - sssd-dbus: Add a new subpackage for the D-Bus responder.
    - sssd-common.install, sssd-dbus.install: Add new sss_signal helper
      and the dbus service using it.
  * fix-upstream-2620.diff: Set sdap handle as explicitly connected in
    LDAP auth. (LP: #1519086)
  * debian/patches/AD-*.diff: Prefer site-local-DCs in LDAP ping, thanks
    Jorge Niedbalski! (LP: #1587988)

 -- Timo Aaltonen <email address hidden> Thu, 30 Jun 2016 23:51:51 +0300

Changed in sssd (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers