SSSD / sssd

Clone

5d50621 ipa s2n: do not add UPG member

1 file Authored by sbose 5 years ago, Committed by jhrozek 5 years ago,
raw patch tree parent
1 file changed. 23 lines added. 4 lines removed.
src/providers/ipa/ipa_s2n_exop.c
file modified
+23 -4 
    ipa s2n: do not add UPG member
    
    Currently the IPA provider uses user private groups for users from
    trusted AD domains with automatic ID-mapping. Here a single cached user
    object is used for both user and group. Since the user private group is
    the primary group of the user it is expected that there is no explicit
    member attribute.
    
    While processing the group membership on an IPA client the user private
    group is treated as ordinary group and a member attribute is added. As a
    result the user cannot be deleted anymore due to an error caused by the
    memberOf plugin because there is a member attribute without a matching
    memberOf. This patch makes sure user private groups are skipped.
    
    Related to https://pagure.io/SSSD/sssd/issue/3984
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
file modified
+23 -4
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.