#1995 The PAC responder is contacted even for local IPA users.
Closed: Fixed None Opened 6 years ago by jhrozek.

Reported by dwmw2 on #sssd. He disabled ID mapping, yet the PAC responder was running and querying back end for SID resolution. (Also the queries were asking for users where it should have been groups, which is another issue)


The fact the provider is autostarted is not an issue. We just might not need to be always using it, especially for native IPA users.

We should pass some kind of flag to the krb5_child if the user is a native IPA one to not resolve the SIDS. In IPA we should simple resolve the groups by dereferencing memberof in a single call.

summary: The PAC responder is autostarted even if ldap_id_mapping explicitly off => The PAC responder is contacted even for local IPA users.

Fields changed

owner: somebody => sbose
patch: 0 => 1
status: new => assigned

This is an internal issue only and doesn't have to be cloned. It's safe to move to 1.10.0 bypassing the triage.

milestone: NEEDS_TRIAGE => SSSD 1.10.0
resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.10.0

2 years ago

Login to comment on this ticket.

Metadata