#1996 PAC responder: update cached user object instead of deleting and recreating them
Closed: Fixed None Opened 7 years ago by sbose.

The current scheme to update attributes in cached objects might lead to a loss of information. Instead of deleting and recreating the entry it should be updated to avoid the loss of attributes which could not be retrieved form the PAC.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11 beta
rhbz: => 0

Moving open tickets from 1.11 beta to 1.11 beta2

milestone: SSSD 1.11 beta => SSSD 1.11 beta 2

Additionally the PAC responder should check the mpg flag of the domain. If mpg is false the IDs are managed externally (on AD) and the primary group ID might be different than the one from the PAC. The PAC will always have the RID of the primary group as AD sees it, but the LDAP POSIX attribute might point to a completely different group. Since the LDAP attribute is authoritative in the case the PAC responder should not change the GID value at all.

Fields changed

owner: somebody => jhrozek
status: new => assigned

Fields changed

milestone: SSSD 1.11 beta 2 => SSSD 1.11 beta 3

Fields changed

owner: jhrozek => sbose
status: assigned => new

Fields changed

patch: 0 => 1

resolution: => fixed
status: new => closed

Metadata Update from @sbose:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.11.0

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3038

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata