#1567 SSSD should use UID/GID/SID/UUID for RDN attribute in the cache
Closed: Invalid None Opened 11 years ago by sgallagh.

Currently, much of the SSSD LDB cache is keyed on the name of the user, group, etc.

However, names are potentially changeable, whereas in realistic environments the ID never will be.

The benefit to switching would be to simplify the renaming code that we have throughout the SSSD as well as potentially simplifying the AD provider's SID->POSIX ID mapping (for those environments using assigned POSIX IDs instead of the automatic ID-mapping).

Obviously, upgrading to this new organization would need to be carefully thought out.


FWIW I do not think we really need to change the database layout (modify the RDN).
We care about anchoring an object to a uuid really only when modifications are made to the database (relatively rare).
What matters is how we match a local database user to its counterpart in the remote server; that can be done by a different attribute in the object, and doesn't have to be the cached object RDN.

After an IRC discussion with Simo and Stephen we decided not to fix this ticket. We would rather store a RID (and filter by subdomain to avoid matching a user with the same RID coming from two domains).

design: =>
design_review: => 0
fedora_test_page: =>
resolution: => wontfix
status: new => closed

Metadata Update from @sgallagh:
- Issue set to the milestone: NEEDS_TRIAGE

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2609

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
