SSSD / sssd

Clone

ad6ab35 AD/LDAP: do not fall back to mpg user lookup on GC connection

3 files Authored by sbose 5 years ago, Committed by jhrozek 5 years ago,
raw patch tree parent
3 files changed. 5 lines added. 1 lines removed.
src/providers/ad/ad_common.c
file modified
+1 -0
src/providers/ldap/ldap_common.h
file modified
+2 -0
src/providers/ldap/ldap_id.c
file modified
+2 -1 
    AD/LDAP: do not fall back to mpg user lookup on GC connection
    
    For MPG domains a group lookup might fall back to a user lookup to check
    if the request is for a user private group. Since we cannot be sure that
    all needed attributes for a user are replicated to the Global Catalog we
    do not want to lookup the user during the fall back from the Global
    Catalog.
    
    Since we cannot skip Global Catalog lookups for groups completely due to
    membership to groups with universal scope this patch adds a flag to tell
    the lower level lookup calls to not fall back on connections to a Global
    Catalog.
    
    Related to https://pagure.io/SSSD/sssd/issue/3748
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
file modified
+1 -0
file modified
+2 -0
file modified
+2 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.