#2161 tokenGroups do not work reliable with Global Catalog
Closed: Fixed None Opened 6 years ago by sbose.

The tokenGroups attribute only returns the correct group-memberships then the Global Catalog and the user are coming from the same domain. Lookups for users from other domains in the forest may return incomplete or wrong results.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.3

Fields changed

owner: somebody => sbose
status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Fields changed

changelog: => The AD provider is able to resolve group memberships for groups with Global and Universal scope.
The initgroups (get groups for user) operation for users from trusted AD domains was mode reliable by reading the required tokenGroups attribute from LDAP instead of Global Catalog

Metadata Update from @sbose:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.11.3

2 years ago

Login to comment on this ticket.