Lookups performed for some AD users from IPA client is failing with the error : "ipa_get_*_acct request failed: [12]: Cannot allocate memory"

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 7.5

Issue

Lookups performed for some AD users from IPA client is failing with the error : "ipa_get_*_acct request failed: [12]: Cannot allocate memory".
Other AD user lookups works.

Noticed the following errors in SSSD debug logs :

[sssd[be[ipa.example.com]]] [get_group_dn_list] (0x0040): find_domain_by_object_name failed.
[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): get_group_dn_list failed.
[sssd[be[ipa.example.com]]] [sdap_id_op_done] (0x4000): releasing operation connection
[sssd[be[ipa.example.com]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [12]: Cannot allocate memory.
[sssd[be[ipa.example.com]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,12,Out of memory


-----snip ----
var/log/sssd/sssd_nss.log
[sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 12 error message: Out of memory

Resolution

Currently SSSD is not capable of handling groups that contains "@" symbol in the group name.
It is recommended to change the group name and remove "@" symbol from any groups those failing users are part of.

Root Cause

Currently SSSD is not capable of handling groups that contains "@" symbol in the group name.

Diagnostic Steps

  • Below errors could be seen in /var/log/sssd/sssd_$domain.log
[sssd[be[ipa.example.com]]] [get_group_dn_list] (0x0040): find_domain_by_object_name failed.
[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): get_group_dn_list failed.
[sssd[be[ipa.example.com]]] [sdap_id_op_done] (0x4000): releasing operation connection
[sssd[be[ipa.example.com]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [12]: Cannot allocate memory.
[sssd[be[ipa.example.com]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,12,Out of memory
  • Below could be seen in /var/log/sssd/sssd_nss.log
[sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 12 error message: Out of memory

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments