We should use the Global Catalog to do SID -> Name resolution and also SID -> Posix ID resolution. The Global Catalog is the only correct way to handle AD Forests as it contains a summary of data from all domains in the forest. Using LDAP confines us to just the specific domain the AD server is part of, but not the rest of the forest. This means we may fail to resolve some of the SIDs for accounts that have group memberships spread across a Forest.
Also the Global Catalog can be configured to expose RFC2307 attributes, we should take advantage of this when available.
Not all AD servers are Global Catalog servers. So the address resolution for the Global Catalog needs to be independent from the special 'ad port' trick, as the AD server we use for Krb/LDAP is not necessarily the same we want to use as Global Catalog. The local 'Site' should be used in preference for the Global Catalog as well.
Related to #364
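Added example (not part of the ticket and not SSSD code): a sketch of the discovery order the description asks for, where Global Catalog servers are located through their own DNS SRV names, local site first, independently of the DC used for Kerberos/LDAP. The forest name, site name and SRV records are constructed, and the weight handling is a deterministic simplification of RFC 2782's weighted random selection.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Srv:
    priority: int
    weight: int
    port: int
    target: str

def gc_srv_names(forest, site=None):
    """SRV owner names to query for a Global Catalog: site-scoped, then forest-wide."""
    names = []
    if site:
        names.append(f"_gc._tcp.{site}._sites.{forest}")
    names.append(f"_gc._tcp.{forest}")
    return names

def pick_gc_servers(answers, forest, site=None):
    """Return (host, port) pairs in try-order.

    `answers` maps an SRV owner name to the records a resolver returned for it.
    Site-local servers come first; forest-wide servers follow as fallback, so an
    empty or missing site answer still yields a usable list.
    """
    ordered, seen = [], set()
    for name in gc_srv_names(forest, site):
        # Lower priority value wins; within one priority, prefer higher weight
        # (simplification of RFC 2782, which picks randomly by weight).
        for rec in sorted(answers.get(name, []), key=lambda r: (r.priority, -r.weight)):
            host = rec.target.rstrip(".").lower()
            if host not in seen:
                seen.add(host)
                ordered.append((host, rec.port))
    return ordered

# Constructed sample data: a two-domain forest with one GC in site "Brno".
SAMPLE_DNS = {
    "_gc._tcp.Brno._sites.forest.example": [
        Srv(0, 100, 3268, "dc2.child.forest.example."),
    ],
    "_gc._tcp.forest.example": [
        Srv(0, 100, 3268, "dc1.forest.example."),
        Srv(0, 100, 3268, "dc2.child.forest.example."),
        Srv(10, 100, 3268, "dc3.forest.example."),
    ],
}

if __name__ == "__main__":
    for host, port in pick_gc_servers(SAMPLE_DNS, "forest.example", "Brno"):
        print(f"{host}:{port}")
```

The selected Global Catalog host (here a DC in a child domain) can differ from the DC the client uses for Kerberos and domain LDAP, which is why the two lookups are kept separate.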
milestone: NEEDS_TRIAGE => SSSD 1.10 beta
rhbz: => 0
summary: Use the Global Catalog in SSSD for the AD provider => [RFE] Use the Global Catalog in SSSD for the AD provider
Fields changed
priority: major => critical
design: =>
design_review: => 0
fedora_test_page: =>
selected: => Want
design: => https://fedorahosted.org/sssd/wiki/DesignDocs/GlobalCatalogLookups
owner: somebody => sbose
review: => 0
owner: sbose => jhrozek
status: new => assigned
patch: 0 => 1
changelog: => Currently SSSD uses the standard LDAP interface of Active Directory to look up users and groups when joined to an Active Directory domain. But the LDAP interface only offers information for users and groups of the local domain and not from the whole forest. This information is available in the Global Catalog of an Active Directory domain. To make lookups of users and groups from the whole forest easier SSSD should use the Global Catalog instead of the standard LDAP interface for the lookups.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=969883 (Red Hat Enterprise Linux 7)
rhbz: 0 => [https://bugzilla.redhat.com/show_bug.cgi?id=969883 969883]
resolution: => fixed
status: assigned => closed
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1042848 (Red Hat Enterprise Linux 6)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=969883 969883] => [https://bugzilla.redhat.com/show_bug.cgi?id=969883 969883], [https://bugzilla.redhat.com/show_bug.cgi?id=1042848 1042848]
Metadata Update from @simo:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.10 beta
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: https://github.com/SSSD/sssd/issues/2599
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.