#1996 PAC responder: update cached user object instead of deleting and recreating them
Closed: Fixed None Opened 6 years ago by sbose.

The current scheme to update attributes in cached objects might lead to a loss of information. Instead of deleting and recreating the entry, it should be updated to avoid the loss of attributes which could not be retrieved from the PAC.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11 beta
rhbz: => 0

Moving open tickets from 1.11 beta to 1.11 beta2

milestone: SSSD 1.11 beta => SSSD 1.11 beta 2

Additionally, the PAC responder should check the mpg flag of the domain. If mpg is false, the IDs are managed externally (on AD) and the primary group ID might be different than the one from the PAC. The PAC will always have the RID of the primary group as AD sees it, but the LDAP POSIX attribute might point to a completely different group. Since the LDAP attribute is authoritative in this case, the PAC responder should not change the GID value at all.
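
The difference between the two update schemes discussed in this ticket, including the mpg check, as an added example that is not SSSD's code and not part of the ticket. The structs, function names and the `shell` attribute are hypothetical stand-ins for a cache entry; the example assumes the PAC-derived values have already been mapped to POSIX IDs.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified cache entry; not SSSD's real sysdb schema. */
struct cached_user {
    char name[64];
    uint32_t uid;
    uint32_t gid;      /* primary GID */
    char shell[64];    /* assumed: comes from LDAP, cannot be read from the PAC */
};

/* Hypothetical container for values already derived from the PAC. */
struct pac_user_info {
    char name[64];
    uint32_t uid;
    uint32_t primary_gid;  /* derived from the primary group RID */
};

/* Delete-and-recreate: everything the PAC does not supply is lost. */
void pac_recreate_user(struct cached_user *e, const struct pac_user_info *pac)
{
    memset(e, 0, sizeof(*e));
    snprintf(e->name, sizeof(e->name), "%s", pac->name);
    e->uid = pac->uid;
    e->gid = pac->primary_gid;
}

/* Update in place: touch only PAC-backed fields, and leave the GID alone
 * when mpg is false because the LDAP POSIX attribute is authoritative. */
void pac_update_user(struct cached_user *e, const struct pac_user_info *pac,
                     bool domain_mpg)
{
    snprintf(e->name, sizeof(e->name), "%s", pac->name);
    e->uid = pac->uid;
    if (domain_mpg) e->gid = pac->primary_gid;
}

int main(void)
{
    struct cached_user u = { "alice", 1000, 5000, "/bin/zsh" }; /* constructed */
    struct pac_user_info pac = { "alice", 1000, 1513 };         /* constructed */
    pac_update_user(&u, &pac, false);
    printf("update:   gid=%u shell='%s'\n", (unsigned)u.gid, u.shell);
    pac_recreate_user(&u, &pac);
    printf("recreate: gid=%u shell='%s'\n", (unsigned)u.gid, u.shell);
    return 0;
}
```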

Fields changed

owner: somebody => jhrozek
status: new => assigned

Fields changed

milestone: SSSD 1.11 beta 2 => SSSD 1.11 beta 3

Fields changed

owner: jhrozek => sbose
status: assigned => new

Fields changed

patch: 0 => 1

resolution: => fixed
status: new => closed

Metadata Update from @sbose:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.11.0

2 years ago