SSSD searches IPA users in Default Trust View

[sssd-bot]

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3764

• Created at 2018-06-23 10:42:53 by abbra
• Assigned to nobody

---

Default Trust View in FreeIPA is designed to contain only users and groups from trusted domains. It makes zero sense to search overrides for the users from the primary IPA domain in it:

(Sat Jun 23 10:38:36 2018) [sssd[be[xs.ipa.cool]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:xs.ipa.cool:86f707d6-76c0-11e8-99bc-001a4a62eb77))][cn=Default Trust View,cn=views,cn=accounts,dc=xs,dc=ipa,dc=cool].

Note that it is OK to search users and groups from other IPA domains (when we get to implement IPA-IPA trust) but right now the search for the primary domain user/group overrides is not required and in fact is wrong.

Comments

---

Comment from jhrozek at 2018-07-11 22:51:27

Metadata Update from @jhrozek:

• Issue set to the milestone: SSSD 2.0

---

Comment from jhrozek at 2018-08-13 10:14:35

Metadata Update from @jhrozek:

• Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)

---

Comment from jhrozek at 2019-02-22 15:27:24

Metadata Update from @jhrozek:

• Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)
• Issue tagged with: performance

---

Comment from jhrozek at 2019-06-13 23:11:21

Metadata Update from @jhrozek:

• Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

---

Comment from thalman at 2020-03-11 11:44:05

Metadata Update from @thalman:

• Issue tagged with: bugzilla

---

Comment from thalman at 2020-03-12 10:24:45

Connected with bz https://bugzilla.redhat.com/show_bug.cgi?id=1772513