#2142 AD Enumeration reads data from LDAP while regular lookups connect to GC
Closed: Fixed None Opened 5 years ago by jhrozek.

We have a bad inconsistency when performing lookups. When enumerating users and groups, we connect to LDAP port automatically, while when doing regular lookups, we connect to GC.

This can have very confusing consequences if POSIX attributes are requested but not replicated to GC -- the users that are enumerated will show up with POSIX attributes, but since initgroups are performed against GC, the attributes not present in GC but present in LDAP are deleted from sysdb.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.3

Fields changed

owner: somebody => jhrozek

Fields changed

patch: 0 => 1

Fields changed

milestone: SSSD 1.11.3 => SSSD 1.11.4

Fields changed

changelog: => Regular user lookups and enumeration task that runs in the background used a different Active Directory server port for the lookups which might have resulted in inconsistent results when requesting user and/or group information.

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11.4

2 years ago

Login to comment on this ticket.

Metadata