2024-02-20 15:19:29 |
Gabriel Nagy |
bug |
|
|
added bug |
2024-03-28 08:03:45 |
Launchpad Janitor |
adsys (Ubuntu): status |
Fix Committed |
Fix Released |
|
2024-06-26 13:10:18 |
Gabriel Nagy |
description |
This is a regression from when we added support for multiple AD backends (see https://github.com/ubuntu/adsys/pull/467)
Previously adsys would use the first domain from `sssd.conf` and potentially override it if `ad_domain` is explicitly set for the domain, see: https://github.com/ubuntu/adsys/blob/32a830f2a8204cc8b896094bad512ed619fbf6b7/internal/adsysservice/adsysservice.go#L279-L280
The current implementation raises an error if we are not able to find an `ad_domain` setting in the domain section, even if we already have a domain (`sssdDomain`): https://github.com/ubuntu/adsys/blob/c68d2cc999d25b1cb408a9e31775a76d2af4c8c7/internal/ad/backends/sss/sss.go#L62-L65
Ideally we should set `domain` to `sssdDomain` if we cannot find a value for `ad_domain`, which will mimic the behavior previous to the refactor.
While by default joining a domain with `realm join` will set the appropriate configuration values in `sssd.conf` so this doesn't happen, this is a regression we should aim to fix.
### Steps to reproduce it
1. Join an AD domain with sssd (e.g. using `realm join`)
2. Install the latest version of adsys, run `adsysctl update -m -vv`, everything should work
3. Comment out the `ad_domain` line from `/etc/sssd/sssd.conf`
4. `adsysctl update -m -vv` now fails, and the adsysd service does not start anymore
5. (Optional) To confirm the functionality prior to the regression, re-attempt the steps above on Ubuntu 22.04 using the adsys version currently in the archive (0.9.2) -- adsys is able to correctly determine the domain even without the `ad_domain` setting.
GitHub issue: https://github.com/ubuntu/adsys/issues/910 |
This bug is not being verified individually because of the use of the SRU exception process (LP: #2059756)
-----
This is a regression from when we added support for multiple AD backends (see https://github.com/ubuntu/adsys/pull/467)
Previously adsys would use the first domain from `sssd.conf` and potentially override it if `ad_domain` is explicitly set for the domain, see: https://github.com/ubuntu/adsys/blob/32a830f2a8204cc8b896094bad512ed619fbf6b7/internal/adsysservice/adsysservice.go#L279-L280
The current implementation raises an error if we are not able to find an `ad_domain` setting in the domain section, even if we already have a domain (`sssdDomain`): https://github.com/ubuntu/adsys/blob/c68d2cc999d25b1cb408a9e31775a76d2af4c8c7/internal/ad/backends/sss/sss.go#L62-L65
Ideally we should set `domain` to `sssdDomain` if we cannot find a value for `ad_domain`, which will mimic the behavior previous to the refactor.
While by default joining a domain with `realm join` will set the appropriate configuration values in `sssd.conf` so this doesn't happen, this is a regression we should aim to fix.
### Steps to reproduce it
1. Join an AD domain with sssd (e.g. using `realm join`)
2. Install the latest version of adsys, run `adsysctl update -m -vv`, everything should work
3. Comment out the `ad_domain` line from `/etc/sssd/sssd.conf`
4. `adsysctl update -m -vv` now fails, and the adsysd service does not start anymore
5. (Optional) To confirm the functionality prior to the regression, re-attempt the steps above on Ubuntu 22.04 using the adsys version currently in the archive (0.9.2) -- adsys is able to correctly determine the domain even without the `ad_domain` setting.
GitHub issue: https://github.com/ubuntu/adsys/issues/910 |
|
2024-06-28 20:41:53 |
Steve Langasek |
adsys (Ubuntu Jammy): status |
New |
Fix Committed |
|
2024-06-28 20:41:55 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2024-06-28 20:41:57 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
2024-06-28 20:41:59 |
Steve Langasek |
tags |
|
verification-needed verification-needed-jammy |
|
2024-07-04 12:03:32 |
Gabriel Nagy |
tags |
verification-needed verification-needed-jammy |
verification-done verification-done-jammy |
|
2024-07-04 18:34:39 |
Andreas Hasenack |
adsys (Ubuntu Mantic): status |
New |
Fix Committed |
|
2024-07-04 18:34:45 |
Andreas Hasenack |
tags |
verification-done verification-done-jammy |
verification-done-jammy verification-needed verification-needed-mantic |
|
2024-07-05 08:17:54 |
Gabriel Nagy |
tags |
verification-done-jammy verification-needed verification-needed-mantic |
verification-done verification-done-jammy verification-done-mantic |
|
2024-07-09 18:11:25 |
Launchpad Janitor |
adsys (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
2024-07-09 18:11:25 |
Launchpad Janitor |
cve linked |
|
2024-3094 |
|
2024-07-09 18:12:19 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2024-07-25 20:39:27 |
Brian Murray |
adsys (Ubuntu Mantic): status |
Fix Committed |
Won't Fix |
|