You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1176502
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem:
the ldap search is run for posix groups (gidNumber has to be present). But sssd
does not do any ldap lookups for the non posix groups it only looks them up in
the cache - which does not work.
~~~
~~~
Version-Release number of selected component (if applicable):
The log excerpt above is from sssd-1.9.2-129.el6.x86_64
However I have verified that the bug exists on sssd-1.11.6-30.el6_6.3.x86_64
How reproducible:
Always
Steps to Reproduce:
This was tested against an AD IMU LDAP backend. ad_admins is a posix group from
ldap with nested non posix groups.
0. enumerate = true # in sssd.conf domain section
1. service sssd stop; rm /var/lib/sss/db/cache_EXAMPLE.COM.ldb
/var/lib/sss/db/ccache_EXAMPLE.COM; service sssd start
2. getent group ad_admins # does not list group members from nested groups
3. sss_cache -G # get rid of cache populated by enum
4. getent group ad_admins # lists group members - as backend uses the non enum
code path.
Actual results:
Nested non posix group members are not listed.
Expected results:
Nested non posix group members are listed.
Additional info:
See additional comments and attachments.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2552
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1176502
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Comments
Comment from jhrozek at 2015-01-19 22:28:27
As discussed on our last team meeting, moving to 1.14 beta.
blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
milestone: NEEDS_TRIAGE => SSSD 1.14 beta
review: True => 0
selected: =>
testsupdated: => 0
Comment from jhrozek at 2015-07-28 20:06:37
Fields changed
priority: major => minor
sensitive: => 0
Comment from jhrozek at 2016-01-18 21:54:08
I think we should move this ticket to deferred, but I would also like to run this request past the rest of the devel team, therefore moving to triage.
milestone: SSSD 1.14 beta => NEEDS_TRIAGE
Comment from jhrozek at 2016-01-21 16:23:35
Upstream has no plans on making enumeration work with non-posix groups as well.
Closing.
resolution: => wontfix
status: new => closed
Comment from jhrozek at 2017-02-24 14:41:01
Metadata Update from @jhrozek:
The text was updated successfully, but these errors were encountered: