You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Default Trust View in FreeIPA is designed to contain only users and groups from trusted domains. It makes zero sense to search overrides for the users from the primary IPA domain in it:
(Sat Jun 23 10:38:36 2018) [sssd[be[xs.ipa.cool]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:xs.ipa.cool:86f707d6-76c0-11e8-99bc-001a4a62eb77))][cn=Default Trust View,cn=views,cn=accounts,dc=xs,dc=ipa,dc=cool].
Note that it is OK to search users and groups from other IPA domains (when we get to implement IPA-IPA trust) but right now the search for the primary domain user/group overrides is not required and in fact is wrong.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3764
Default Trust View in FreeIPA is designed to contain only users and groups from trusted domains. It makes zero sense to search overrides for the users from the primary IPA domain in it:
Note that it is OK to search users and groups from other IPA domains (when we get to implement IPA-IPA trust) but right now the search for the primary domain user/group overrides is not required and in fact is wrong.
Comments
Comment from jhrozek at 2018-07-11 22:51:27
Metadata Update from @jhrozek:
Comment from jhrozek at 2018-08-13 10:14:35
Metadata Update from @jhrozek:
Comment from jhrozek at 2019-02-22 15:27:24
Metadata Update from @jhrozek:
Comment from jhrozek at 2019-06-13 23:11:21
Metadata Update from @jhrozek:
Comment from thalman at 2020-03-11 11:44:05
Metadata Update from @thalman:
Comment from thalman at 2020-03-12 10:24:45
Connected with bz https://bugzilla.redhat.com/show_bug.cgi?id=1772513
The text was updated successfully, but these errors were encountered: