#2027 Domain Users memberships removed in subsequent lookups in server_mode
Closed: Fixed None Opened 10 years ago by jhrozek.

When the server mode is enabled, the first id(1) invocation sometimes includes Domain Users, while the next lookup does not. This may be related to SSSD filtering out built-in groups and it's inconsistent.


The bug only affects Domain Users. The problem is that while Domain Users is present in the TokenGroups and the PAC, it doesn't have any members in LDAP. In the AD provider, we were able to work around the issue as the primary GID is Domain Users, too, but the subdomains are MPG domains currently, so this workaround doesn't apply.

summary: Group memberships removed in subsequent lookups in server_mode => Domain Users memberships removed in subsequent lookups in server_mode

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11 beta 3
priority: major => minor

Fields changed

rhbz: => 0

Fields changed

patch: 0 => 1

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11.0

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3069

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata