#2027 Domain Users memberships removed in subsequent lookups in server_mode
Closed: Fixed None Opened 6 years ago by jhrozek.

When the server mode is enabled, the first id(1) invocation sometimes includes Domain Users, while the next lookup does not. This may be related to SSSD filtering out built-in groups and it's inconsistent.


The bug only affects Domain Users. The problem is that while Domain Users is present in the TokenGroups and the PAC, it doesn't have any members in LDAP. In the AD provider, we were able to work around the issue as the primary GID is Domain Users, too, but the subdomains are MPG domains currently, so this workaround doesn't apply.

summary: Group memberships removed in subsequent lookups in server_mode => Domain Users memberships removed in subsequent lookups in server_mode

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11 beta 3
priority: major => minor

Fields changed

rhbz: => 0

Fields changed

patch: 0 => 1

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11.0

2 years ago

Login to comment on this ticket.

Metadata