Learn more about these different git repos.
Other Git URLs
When communicating with AD providers that are using assigned POSIX IDs instead of performing automatic SID mapping, we should maintain the original SID for groups in the cache.
We want to be able to rely on cache lookups for SIDs in order to enable the use of tokenGroups lookups for fast initgroups() requests against AD.
In the first implementation, it's probably safe to assume that the POSIX ID will never change (without a full cache deletion). Thus the SID->POSIX mapping should always be correct.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.10 beta rhbz: => 0 summary: AD Provider should use tokenGroups with non-ID-mapping => [RFE] AD Provider should use tokenGroups with non-ID-mapping
design: => design_review: => 0 fedora_test_page: => selected: => Want
priority: major => critical
priority: critical => major
review: => 1
owner: somebody => okos
status: new => assigned
Just as a reminder, please make sure to document in the manpage that the SID<->POSIX mappings require a full cache deletion if the statically-assigned POSIX ID changes in AD.
Alternately, we may want to open another ticket to extend the sss_cache tool to be able to reset the mapping state (so it's recalculated).
Replying to [comment:9 sgallagh]:
+1
Care to open a ticket? This might be a nice to have task for some external contributor..
Since there is no string change moving to 1.10.
milestone: SSSD 1.10 beta => SSSD 1.10.0
changelog: => Performance improvement. design: => N/A (trivial)
Performance improvement not critical for the 1.10.0 release.
milestone: SSSD 1.10.0 => SSSD 1.10.1
Moving tickets that didn't make 1.10.1 to the 1.10.2 bucket.
Moving tickets that didn't make 1.10.1 to 1.10.2
milestone: SSSD 1.10.1 => SSSD 1.10.2
patch: 0 => 1
The patch is on list but since we've moved all supported releases to 1.11.x, I'd rather not add additional RFE to 1.10 only and add this enhancement to 1.11.2
milestone: SSSD 1.10.2 => SSSD 1.11.2
owner: okos => pbrezina status: assigned => new
Lowering priority for 1.11.2
priority: critical => minor
Did not make 1.11.2 after all.
milestone: SSSD 1.11.2 => SSSD 1.11.3
resolution: => fixed status: new => closed
Metadata Update from @sgallagh: - Issue assigned to pbrezina - Issue marked as blocked by: #1887 - Issue set to the milestone: SSSD 1.11.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2610
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.