Learn more about these different git repos.
Other Git URLs
As the name 'domain-local' implies, groups with this scope are only valid in their local domain and should not be used outside. When e.g. looking at the PAC from a trusted domain only groups with global and universal scope are listed here.
When resolving the group memberships of users from trusted domains groups with a domain-local scope should be treated as non-POSIX groups. This has the advantage that nested-group memberships are still visible in the caches compared to completely ignoring those groups.
milestone: NEEDS_TRIAGE => SSSD 1.11.3
rhbz: => 0
rhbz: 0 =>
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1033096 (Red Hat Enterprise Linux 7)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1033096 1033096]
resolution: => fixed
status: new => closed
changelog: => The AD provider is able to resolve group memberships for groups with Global and Universal scope.
The initgroups (get groups for user) operation for users from trusted AD domains was mode reliable by reading the required tokenGroups attribute from LDAP instead of Global Catalog
Metadata Update from @sbose:
- Issue set to the milestone: SSSD 1.11.3
to comment on this ticket.