#2161 tokenGroups do not work reliably with Global Catalog
Closed: Fixed None Opened 9 years ago by sbose.

The tokenGroups attribute only returns the correct group memberships when the Global Catalog and the user are coming from the same domain. Lookups for users from other domains in the forest may return incomplete or wrong results.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.3

Fields changed

owner: somebody => sbose
status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Fields changed

changelog: => The AD provider is able to resolve group memberships for groups with Global and Universal scope.
The initgroups (get groups for user) operation for users from trusted AD domains was made reliable by reading the required tokenGroups attribute from LDAP instead of Global Catalog.

Metadata Update from @sbose:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.11.3

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3203

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
