Learn more about these different git repos.
Other Git URLs
Reported by dwmw2 on #sssd. He disabled ID mapping, yet the PAC responder was running and querying back end for SID resolution. (Also the queries were asking for users where it should have been groups, which is another issue)
The fact the provider is autostarted is not an issue. We just might not need to be always using it, especially for native IPA users.
We should pass some kind of flag to the krb5_child if the user is a native IPA one to not resolve the SIDS. In IPA we should simple resolve the groups by dereferencing memberof in a single call.
summary: The PAC responder is autostarted even if ldap_id_mapping explicitly off => The PAC responder is contacted even for local IPA users.
owner: somebody => sbose
patch: 0 => 1
status: new => assigned
This is an internal issue only and doesn't have to be cloned. It's safe to move to 1.10.0 bypassing the triage.
milestone: NEEDS_TRIAGE => SSSD 1.10.0
resolution: => fixed
status: assigned => closed
rhbz: => 0
Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.10.0
to comment on this ticket.