You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please add an {{{ipa_hbac_search_base}}} option to SSSD that defaults to {{{ldap_search_base}}} and perform lookups with an LDAP search expression including the HBAC objectClass.
Unfortunately, we can't default to the base_dn for {{{ldap_search_base}}} in IPA because of the compat tree. If we search from the base, we always get duplicate entries (and it plays havoc with our processing).
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/777
Currently the search paths for HBAC data are hardcoded. Chances are that these might change in future so a more flexible solution needs to be found.
Comments
Comment from sgallagh at 2011-01-17 15:37:23
Please add an {{{ipa_hbac_search_base}}} option to SSSD that defaults to {{{ldap_search_base}}} and perform lookups with an LDAP search expression including the HBAC objectClass.
doc: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.5.1
priority: major => critical
tests: 0 => 1
Comment from sbose at 2011-01-18 13:10:15
We set ldap_search_base to "cn=accounts"+base_dn in ipa_common.c. So if we do not change this, too, I would suggest to default to the base_dn.
Comment from sgallagh at 2011-01-18 13:17:38
Unfortunately, we can't default to the base_dn for {{{ldap_search_base}}} in IPA because of the compat tree. If we search from the base, we always get duplicate entries (and it plays havoc with our processing).
Comment from sbose at 2011-01-18 13:28:30
Ah, sorry, I've meant to use the base DN as a default for ipa_hbac_search_base not for ldap_search_base.
Comment from sbose at 2011-01-20 12:57:11
fixed by 56789cf
resolution: => fixed
status: new => closed
Comment from dpal at 2012-01-19 03:04:07
Fields changed
rhbz: => 0
Comment from sbose at 2017-02-24 15:03:31
Metadata Update from @sbose:
The text was updated successfully, but these errors were encountered: