SSSD / sssd

Clone

#2129 Always store users with FQDN with hardcoded format
Closed: Duplicate None Opened 10 years ago by jhrozek.

Closed: Duplicate
Reopen Issue

Currently we store the name attribute as plain name for master domains and FQDN for subdomains. Also, the way the FQDNs are stored to the cache is configurable, which poses a large number of problems.

Mainly getting (user,domain) tuple from the string that is the ghost attribute is complex and fragile. Consider a group entry such as:

cn: subgroup@subdom
ghost: someuser
ghost: anotheruser@subdom

Now in order to print all group members as FQDN (which is the default for AD provider), the code needs to iterate over the ghost attributes and parse them into (name,domain) and optionally re-add the domain..

We should store all users as "user@domain" always and never allow any other format.

Fields changed

milestone: NEEDS_TRIAGE => Temp milestone

Fields changed

rhbz: => 0

Fields changed

description: Currently we store the ghost attribute as plain name for master domains and FQDN for subdomains. Also, the way the ghost users are stored to the cache is configurable, which poses a large number of problems.

Mainly getting (user,domain) tuple from the string that is the ghost attribute is complex and fragile. Consider a group entry such as:
{{{
cn: subgroup@subdom
ghost: someuser
ghost: anotheruser@subdom
}}}

Now in order to print all group members as FQDN (which is the default for AD provider), the code needs to iterate over the ghost attributes and parse them into (name,domain) and optionally re-add the domain..

We should store the ghost attributes as "user@domain" always and never allow any other format. => Currently we store the name attribute as plain name for master domains and FQDN for subdomains. Also, the way the FQDNs are stored to the cache is configurable, which poses a large number of problems.

Mainly getting (user,domain) tuple from the string that is the ghost attribute is complex and fragile. Consider a group entry such as:
{{{
cn: subgroup@subdom
ghost: someuser
ghost: anotheruser@subdom
}}}

Now in order to print all group members as FQDN (which is the default for AD provider), the code needs to iterate over the ghost attributes and parse them into (name,domain) and optionally re-add the domain..

We should store all users as "user@domain" always and never allow any other format.
summary: Always store ghost users as FQDN with hardcoded format => Always store users with FQDN with hardcoded format

Fields changed

milestone: Temp milestone => SSSD 1.12 beta
type: defect => task

Should be done together with the rest of the sysdb refactor Michal is working on.

milestone: SSSD 1.12 beta => SSSD 1.13 beta

Fields changed

mark: => 0

Duplicate of #2011

resolution: => duplicate
status: new => closed

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.13.1
7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3171

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata
None
None
None
None
major
task
SSSD
1.11.1
None
0
0
0
0
0
None
None
None
0
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.