#1530 ldap_idmap_autorid_compat not working with tokenGroups
Closed: Fixed None Opened 7 years ago by myllynen.

With the following configuration the AD provider works as expected e.g. with "id -G testuser":

...
[domain/ad.example.com]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
ldap_referrals = False

But if "ldap_idmap_autorid_compat = True" is added, then "id -G testuser" returns "no such user".


The problem is that we have a strict check at startup that the default domain SID is specified when using compat mode, which disagrees with the man pages which state that this is recommended, not mandatory.

Manually specifying the default domain SID restores normal functionality. I am sending a patch that loosens the startup check into a warning, rather than a misconfiguration failure.

component: SSSD => AD Provider
owner: somebody => sgallagh
patch: 0 => 1
status: new => assigned
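
A pre-deployment check for the configuration described in this ticket, as an added example that is not part of the ticket or of SSSD's code: it parses sssd.conf text and lists domains that enable ldap_idmap_autorid_compat without ldap_idmap_default_domain_sid, the option the sssd-ldap man page recommends alongside compat mode. The function name, the [sssd] section, the second domain and the SID value are constructed for illustration.

```python
import configparser

# Constructed sample: the ticket's domain section with compat mode enabled,
# plus a second, hypothetical domain that pins slice zero to a placeholder SID.
SAMPLE_CONF = """\
[sssd]
services = nss, pam
domains = ad.example.com, pinned.example.com

[domain/ad.example.com]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
ldap_referrals = False
ldap_idmap_autorid_compat = True

[domain/pinned.example.com]
id_provider = ad
ldap_idmap_autorid_compat = True
ldap_idmap_default_domain_sid = S-1-5-21-1111111111-2222222222-3333333333
"""

def autorid_compat_findings(conf_text):
    """Return names of domains using autorid compat without a default SID."""
    # RawConfigParser: no '%' interpolation, option names are lower-cased.
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue  # only [domain/NAME] sections carry ID-mapping options
        opts = parser[section]
        compat = opts.get("ldap_idmap_autorid_compat", "false").strip().lower()
        sid = opts.get("ldap_idmap_default_domain_sid", "").strip()
        if compat == "true" and not sid:
            findings.append(section[len("domain/"):])
    return findings

if __name__ == "__main__":
    for domain in autorid_compat_findings(SAMPLE_CONF):
        print(f"{domain}: ldap_idmap_autorid_compat is set but "
              "ldap_idmap_default_domain_sid is not; slice zero is not pinned")
```
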

master: 5dedd73

milestone: NEEDS_TRIAGE => SSSD 1.9.0
resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @myllynen:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.9.0

3 years ago

SSSD is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in SSSD's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/SSSD/sssd/issues/2572

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
