[RFC] IPA: allow switching off user private groups for trusted AD users #4216

sssd-bot · 2020-05-02T13:31:41Z

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3183

Created at 2016-09-12 15:55:32 by sbose
Assigned to nobody
Associated bugzillas
- https://bugzilla.redhat.com/show_bug.cgi?id=1649464

IF algorithmic mapping is used trusted users from AD are assigned to a user private group (UPG). It should be possible to configure the id-range in a way to switch of UPGs and use the AD LDAP/PAC attribute primaryGroupID to determine the primary GID.

Related IPA ticket: https://fedorahosted.org/freeipa/ticket/6293

Comments

Comment from orion at 2016-09-12 17:43:23

Fields changed

cc: => orion@cora.nwra.com

Comment from jhrozek at 2016-09-23 10:07:30

Unfortunately this patch depends on FreeIPA ticket #6293 which needs to be implemented first and is currently under "Future releases", so I'm moving this ticket to "Deferred" for the time being.

We can move this ticket back when FreeIPA implements https://fedorahosted.org/freeipa/ticket/6293

milestone: NEEDS_TRIAGE => SSSD Deferred

Comment from jhrozek at 2016-09-23 10:11:35

Fields changed

rhbz: => todo

Comment from jhrozek at 2016-10-05 13:50:16

Not totally deferred, this ticket makes sense, it's "just" blocked by https://fedorahosted.org/freeipa/ticket/6293

milestone: SSSD Deferred => SSSD 1.16 beta

Comment from sbose at 2017-02-24 14:55:21

Metadata Update from @sbose:

Issue set to the milestone: SSSD Future releases (no date set yet)

Comment from pbrezina at 2020-03-13 11:31:07

Metadata Update from @pbrezina:

Custom field design_review reset (from 0)
Custom field mark reset (from 0)
Custom field patch reset (from 0)
Custom field review reset (from 0)
Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1649464 (was: todo)
Custom field sensitive reset (from 0)
Custom field testsupdated reset (from 0)
Issue close_status updated to: None

Comment from thalman at 2020-03-13 11:31:07

Metadata Update from @thalman:

Custom field design_review reset (from false)
Custom field mark reset (from false)
Custom field patch reset (from false)
Custom field review reset (from false)
Custom field rhbz adjusted to todo (was: https://bugzilla.redhat.com/show_bug.cgi?id=1649464)
Custom field sensitive reset (from false)
Custom field testsupdated reset (from false)
Issue close_status updated to: None
Issue tagged with: bugzilla

Comment from pbrezina at 2020-03-13 11:31:29

Metadata Update from @pbrezina:

Custom field design_review reset (from false)
Custom field mark reset (from false)
Custom field patch reset (from false)
Custom field review reset (from false)
Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1649464 (was: todo)
Custom field sensitive reset (from false)
Custom field testsupdated reset (from false)
Issue untagged with: bugzilla

Comment from pbrezina at 2020-03-13 11:31:47

Metadata Update from @pbrezina:

Custom field design_review reset (from false)
Custom field mark reset (from false)
Custom field patch reset (from false)
Custom field review reset (from false)
Custom field sensitive reset (from false)
Custom field testsupdated reset (from false)
Issue tagged with: bugzilla

:feature: `auto_private_groups` option can be set centrally through ID range setting in IPA (see `ipa idrange` commands family) Resolves: SSSD#4216

Resolves: SSSD#4216 :feature: `auto_private_groups` option can be set centrally through ID range setting in IPA (see `ipa idrange` commands family)

Resolves: SSSD#4216 :feature: `auto_private_groups` option can be set centrally through ID range setting in IPA (see `ipa idrange` commands family). This feature requires SSSD update on both client and server.

pbrezina · 2021-05-19T17:24:59Z

Pushed PR: #5613

master
- 706627c - cache_req: consider mpg_mode of each domain
- b099498 - ipa: read auto_private_groups from id range if available

sssd-bot added the Bugzilla label May 2, 2020

pbrezina added a commit to pbrezina/sssd that referenced this issue Apr 29, 2021

ipa: read auto_private_groups from id range if available

d0d7411

:feature: `auto_private_groups` option can be set centrally through ID range setting in IPA (see `ipa idrange` commands family) Resolves: SSSD#4216

pbrezina added a commit to pbrezina/sssd that referenced this issue Apr 29, 2021

ipa: read auto_private_groups from id range if available

79e00e0

Resolves: SSSD#4216 :feature: `auto_private_groups` option can be set centrally through ID range setting in IPA (see `ipa idrange` commands family)

pbrezina mentioned this issue Apr 29, 2021

ipa: read auto_private_groups from id range if available #5613

Closed

pbrezina added a commit to pbrezina/sssd that referenced this issue May 13, 2021

ipa: read auto_private_groups from id range if available

8d20780

Resolves: SSSD#4216 :feature: `auto_private_groups` option can be set centrally through ID range setting in IPA (see `ipa idrange` commands family)

pbrezina added a commit to pbrezina/sssd that referenced this issue May 17, 2021

ipa: read auto_private_groups from id range if available

e6eb696

Resolves: SSSD#4216 :feature: `auto_private_groups` option can be set centrally through ID range setting in IPA (see `ipa idrange` commands family)

pbrezina closed this as completed in b099498 May 19, 2021

pbrezina added the Closed: Fixed Issue was closed as fixed. label May 19, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[RFC] IPA: allow switching off user private groups for trusted AD users #4216

[RFC] IPA: allow switching off user private groups for trusted AD users #4216

sssd-bot commented May 2, 2020

pbrezina commented May 19, 2021