sssd-ldap breaks automount on bionic

Bug #1767886 reported by Jens Elkner on 2018-04-29
This bug affects 1 person

Affects: Release Notes for Ubuntu; Importance: Undecided; Assigned to: Andreas Hasenack
Affects: sssd (Ubuntu); Importance: Medium; Assigned to: Andreas Hasenack

Bug Description

sssd in bionic (1.16.1) breaks automounting because it neither follows RFC 2307bis-02 nor obeys sssd.conf settings like:

ldap_schema = rfc2307
ldap_autofs_map_object_class = automountMap
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey

On xenial sssd (1.13.4 with the same sssd.conf and ldap server) automounting works as expected. The related queries/results from a xenial and a bionic client show the difference:

bionic:
-------
[29/Apr/2018:23:52:10 +0200] SEARCH REQ conn=497767 op=3 msgID=4 base="ou=my,o=org" scope=singleLevel filter="(&(automountMapName=auto_master)(objectclass=automountMap))" attrs="objectClass,automountMapName"
[29/Apr/2018:23:52:10 +0200] SEARCH RES conn=497767 op=3 msgID=4 result=0 nentries=1 etime=1
[29/Apr/2018:23:52:10 +0200] SEARCH REQ conn=497767 op=4 msgID=5 base="automountMapName=auto_master,ou=my,o=org" scope=singleLevel filter="(&(automountKey=*)(objectclass=nisObject))" attrs="objectClass,automountKey,nisMapEntry"
[29/Apr/2018:23:52:10 +0200] SEARCH RES conn=497767 op=4 msgID=5 result=0 nentries=0 etime=0
...
[29/Apr/2018:23:53:01 +0200] SEARCH REQ conn=497767 op=6 msgID=7 base="ou=my,o=org" scope=singleLevel filter="(&(automountMapName=auto_home)(objectclass=automountMap))" attrs="objectClass,automountMapName"
[29/Apr/2018:23:53:01 +0200] SEARCH RES conn=497767 op=6 msgID=7 result=0 nentries=1 etime=1
[29/Apr/2018:23:53:01 +0200] SEARCH REQ conn=497767 op=7 msgID=8 base="automountMapName=auto_home,ou=my,o=org" scope=singleLevel filter="(&(automountKey=*)(objectclass=nisObject))" attrs="objectClass,automountKey,nisMapEntry"
[29/Apr/2018:23:53:01 +0200] SEARCH RES conn=497767 op=7 msgID=8 result=0 nentries=0 etime=1

xenial:
-------
[29/Apr/2018:23:20:51 +0200] SEARCH REQ conn=496782 op=2 msgID=3 base="ou=my,o=org" scope=singleLevel filter="(&(automountMapName=auto_master)(objectclass=automountMap))" attrs="objectClass,automountMapName"
[29/Apr/2018:23:20:51 +0200] SEARCH RES conn=496782 op=2 msgID=3 result=0 nentries=1 etime=0
[29/Apr/2018:23:20:51 +0200] SEARCH REQ conn=496782 op=3 msgID=4 base="automountMapName=auto_master,ou=my,o=org" scope=singleLevel filter="(&(automountKey=*)(objectclass=automount))" attrs="objectClass,automountKey,automountInformation"
[29/Apr/2018:23:20:51 +0200] SEARCH RES conn=496782 op=3 msgID=4 result=0 nentries=5 etime=2
...
[29/Apr/2018:23:21:49 +0200] SEARCH REQ conn=496782 op=8 msgID=9 base="ou=my,o=org" scope=singleLevel filter="(&(automountMapName=auto_home)(objectclass=automountMap))" attrs="objectClass,automountMapName"
[29/Apr/2018:23:21:49 +0200] SEARCH RES conn=496782 op=8 msgID=9 result=0 nentries=1 etime=1
[29/Apr/2018:23:21:49 +0200] SEARCH REQ conn=496782 op=9 msgID=10 base="automountMapName=auto_home,ou=my,o=org" scope=singleLevel filter="(&(automountKey=*)(objectclass=automount))" attrs="objectClass,automountKey,automountInformation"
[29/Apr/2018:23:21:49 +0200] SEARCH RES conn=496782 op=9 msgID=10 result=0 nentries=218 etime=25

Andreas Hasenack (ahasenack) wrote :

You want to use the RFC2307bis-02 schema for automount, but the RFC2307 (non-bis) schema for the rest, is that correct?

Jens Elkner (jelmd) wrote :

Yes, correct.

Andreas Hasenack (ahasenack) wrote :

The defaults for unspecified ldap_autofs_* settings changed between 1.15 and 1.16 it seems.

Here is a diff between the autofs section of the sssd-ldap page: https://pastebin.ubuntu.com/p/PJc5B9gwdr/

There are two settings for the map entry, and 3 for the autofs entry. You specified the rfc2307 schema, and just 3 out of 5 specific object classes and attributes overrides, leaving 2 to assume their default values for that schema type:

ldap_schema = rfc2307
# yours:
ldap_autofs_map_object_class = automountMap
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
# assumed default values when using rfc2307
ldap_autofs_entry_value = nisMapEntry
ldap_autofs_entry_object_class = nisObject

If you fix your config like this, it will work:

# your existing settings
ldap_autofs_map_object_class = automountMap
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
# new settings
ldap_autofs_entry_value = automountInformation
ldap_autofs_entry_object_class = automount

I tested it with these automount entries: https://pastebin.ubuntu.com/p/z8fM4tvCzK/

Please let me know how it goes. If confirmed, I'll add an entry to the bionic release notes about this.
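
An added example, not part of the original comments or of sssd: the entry object class and value attribute that sssd actually requests can be read back from the directory server's access log, as in the excerpts in the bug description. This Python script pairs each autofs entry search with its result and lists the searches that returned nothing; the log layout is assumed to match those excerpts, and the function names are hypothetical.

```python
import re

# Constructed sample: four REQ/RES pairs copied from the access-log excerpts in the report.
SAMPLE_LOG = '''\
[29/Apr/2018:23:52:10 +0200] SEARCH REQ conn=497767 op=3 msgID=4 base="ou=my,o=org" scope=singleLevel filter="(&(automountMapName=auto_master)(objectclass=automountMap))" attrs="objectClass,automountMapName"
[29/Apr/2018:23:52:10 +0200] SEARCH RES conn=497767 op=3 msgID=4 result=0 nentries=1 etime=1
[29/Apr/2018:23:52:10 +0200] SEARCH REQ conn=497767 op=4 msgID=5 base="automountMapName=auto_master,ou=my,o=org" scope=singleLevel filter="(&(automountKey=*)(objectclass=nisObject))" attrs="objectClass,automountKey,nisMapEntry"
[29/Apr/2018:23:52:10 +0200] SEARCH RES conn=497767 op=4 msgID=5 result=0 nentries=0 etime=0
[29/Apr/2018:23:20:51 +0200] SEARCH REQ conn=496782 op=3 msgID=4 base="automountMapName=auto_master,ou=my,o=org" scope=singleLevel filter="(&(automountKey=*)(objectclass=automount))" attrs="objectClass,automountKey,automountInformation"
[29/Apr/2018:23:20:51 +0200] SEARCH RES conn=496782 op=3 msgID=4 result=0 nentries=5 etime=2
[29/Apr/2018:23:21:49 +0200] SEARCH REQ conn=496782 op=9 msgID=10 base="automountMapName=auto_home,ou=my,o=org" scope=singleLevel filter="(&(automountKey=*)(objectclass=automount))" attrs="objectClass,automountKey,automountInformation"
[29/Apr/2018:23:21:49 +0200] SEARCH RES conn=496782 op=9 msgID=10 result=0 nentries=218 etime=25
'''

REQ = re.compile(r'SEARCH REQ conn=(\d+) op=(\d+) .*?base="([^"]*)".*?filter="([^"]*)" attrs="([^"]*)"')
RES = re.compile(r'SEARCH RES conn=(\d+) op=(\d+) .*?nentries=(\d+)')
# Entry enumeration looks like (&(<key>=*)(objectclass=<class>)); map lookups name a map instead of "*".
ENTRY_FILTER = re.compile(r'\(&\((\w+)=\*\)\(objectclass=(\w+)\)\)', re.IGNORECASE)

def autofs_entry_searches(log_text):
    """Pair each autofs entry search with its result and recover the schema names requested."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        req = REQ.search(line)
        if req:
            conn, op, base, flt, attrs = req.groups()
            match = ENTRY_FILTER.fullmatch(flt)
            if match:
                key, object_class = match.groups()
                skip = {"objectclass", key.lower()}
                values = [a for a in attrs.split(",") if a.lower() not in skip]
                pending[(conn, op)] = {
                    "base": base,
                    "ldap_autofs_entry_object_class": object_class,
                    "ldap_autofs_entry_key": key,
                    "ldap_autofs_entry_value": values[0] if values else None,
                }
            continue
        res = RES.search(line)
        if res and (res.group(1), res.group(2)) in pending:
            finding = pending.pop((res.group(1), res.group(2)))
            finding["nentries"] = int(res.group(3))
            findings.append(finding)
    return findings

def empty_maps(findings):
    """Entry searches that matched nothing: candidates for a schema-name mismatch."""
    return [f for f in findings if f["nentries"] == 0]

if __name__ == "__main__":
    for f in autofs_entry_searches(SAMPLE_LOG):
        print("EMPTY" if f["nentries"] == 0 else "ok", f["nentries"],
              f["ldap_autofs_entry_object_class"], f["ldap_autofs_entry_value"], f["base"])
```
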

Andreas Hasenack (ahasenack) wrote :

Sorry, the defaults changed in 1.14, not 1.15, I thought xenial had 1.15.

This is the upstream bug that introduced the change: https://pagure.io/SSSD/sssd/issue/2858

It was fixed in 1.14, so post-xenial.

Andreas Hasenack (ahasenack) wrote :

I updated the Bionic release notes: https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#SSSD

Changed in sssd (Ubuntu):
status: New → Triaged
assignee: nobody → Andreas Hasenack (ahasenack)

Andreas Hasenack (ahasenack) wrote :

Setting to incomplete pending confirmation from the reporter that the issue was the change in default values.

Changed in sssd (Ubuntu):
importance: Undecided → Medium
status: Triaged → Incomplete

Jens Elkner (jelmd) wrote :

Yes, this (the missing entries) fixed the problem (used 'ldap_autofs_entry_value = automountInformation') as mentioned in the URLs you gave.

Thanks a lot :) ,
jel.

Andreas Hasenack (ahasenack) wrote :

I'll mark the sssd task as invalid, since the software is working as intended.

I added a release notes task to record what we did, and marked it as fix released since the change is live already.

Thanks again for reporting this bug and helping make Ubuntu better!

Changed in ubuntu-release-notes:
status: New → Fix Released
Changed in sssd (Ubuntu):
status: Incomplete → Invalid
Changed in ubuntu-release-notes:
assignee: nobody → Andreas Hasenack (ahasenack)