Learn more about these different git repos.
Other Git URLs
The tokenGroups attribute only returns the correct group-memberships then the Global Catalog and the user are coming from the same domain. Lookups for users from other domains in the forest may return incomplete or wrong results.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1033096
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1033096 1033096]
milestone: NEEDS_TRIAGE => SSSD 1.11.3
owner: somebody => sbose
status: new => assigned
patch: 0 => 1
resolution: => fixed
status: assigned => closed
changelog: => The AD provider is able to resolve group memberships for groups with Global and Universal scope.
The initgroups (get groups for user) operation for users from trusted AD domains was mode reliable by reading the required tokenGroups attribute from LDAP instead of Global Catalog
Metadata Update from @sbose:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.11.3
to comment on this ticket.