Replying to [ticket:1740 prefect]:

Since 4ee7f39, searching for *$ has been removed, so the short form is never found.

This is not entirely correct, the search for *$ has not been removed but rather moved down to the list. I think that makes sense, actually, as the wildcard matches should follow specific matches.

As a result, AD configurations that worked prior to this update that don't explicitly set ldap_sasl_authid now fail to find a suitable credential.

In particular, this is a result of many keytabs also having host/hostname@REALM, which, as it's a specific match gets matched before the wildcard *$@REALM.

Fields changed

owner: somebody => jhrozek
status: new => assigned

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=892197

rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=892197 892197]

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.4
patch: 0 => 1

Is there a way to set ldap_sasl_authid to something automatically on the upgrade to avoid manual changes?

Replying to [comment:5 dpal]:

Is there a way to set ldap_sasl_authid to something automatically on the upgrade to avoid manual changes?

There might be, but it's actually easier to fix the code.

• master: 3995189
• sssd-1-9: 07a833f

resolution: => fixed
status: assigned => closed

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2782

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.