Consider the following scenario:
In /etc/group: group 'wheel', gid: 10
In LDAP: username 'imposter', primary gid: 10
In this case, the user 'imposter' will have primary group 10 from SSSD, and then have wheel rights. If the LDAP source is untrusted, this is not correct behavior.
We're not sure if this applies to secondary groups as well.
Fields changed
cc: => andersk
We discussed this ticket at our most recent team meeting. The judgement that we made was that we're not going to address this ticket, for the following reasons:
1. There are two available workarounds.
   1. Use the override_gid option to set all remote users' GID to the same (non-privileged) value
   2. Use one or more of the access_provider options to restrict the set of users that can log in through sssd. For example, the simple access provider can limit logins to a whitelist of users or groups.
2. SSSD operates under the assumption that the central provider has correct information. We try to avoid altering this information for any reason other than incompleteness.

resolution: => wontfix
status: new => closed
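As an added example (not part of the ticket or of SSSD's code): a small audit that flags remote users whose primary GID is also defined in the local group file, which is the collision this ticket describes. The sample data is constructed, and the remote entries are assumed to be available in passwd(5) format, for instance exported from the LDAP domain.

```python
# Added example: constructed sample data, not taken from a real system.
LOCAL_GROUP = """\
root:x:0:
wheel:x:10:alice
users:x:100:
"""

# Assumption: passwd(5)-format entries for users served by the remote domain.
REMOTE_PASSWD = """\
imposter:*:20001:10:Imposter:/home/imposter:/bin/bash
bob:*:20002:20002:Bob:/home/bob:/bin/bash
carol:*:20003:100:Carol:/home/carol:/bin/bash
"""

def parse_local_groups(text):
    """Map gid -> group name for every entry in group(5)-format text."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed entry, skip it
        groups.setdefault(int(fields[2]), fields[0])
    return groups

def find_gid_collisions(group_text, remote_passwd_text, watched=None):
    """Return (user, gid, local_group) for remote users whose primary GID
    is also defined in the local group file. If `watched` is given, only
    collisions with those local group names are reported."""
    local = parse_local_groups(group_text)
    hits = []
    for line in remote_passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or not fields[3].isdigit():
            continue  # blank or malformed entry
        gid = int(fields[3])
        name = local.get(gid)
        if name is not None and (watched is None or name in watched):
            hits.append((fields[0], gid, name))
    return hits

if __name__ == "__main__":
    for user, gid, group in find_gid_collisions(LOCAL_GROUP, REMOTE_PASSWD):
        print(f"{user}: primary gid {gid} collides with local group '{group}'")
```

Passing `watched={"wheel"}` narrows the report to the groups that grant privileges on the host.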
Metadata Update from @ezyang: - Issue set to the milestone: NEEDS_TRIAGE
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2391
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.