Learn more about these different git repos.
Other Git URLs
As the name 'domain-local' implies, groups with this scope are only valid in their local domain and should not be used outside. When e.g. looking at the PAC from a trusted domain only groups with global and universal scope are listed here.
When resolving the group memberships of users from trusted domains groups with a domain-local scope should be treated as non-POSIX groups. This has the advantage that nested-group memberships are still visible in the caches compared to completely ignoring those groups.
milestone: NEEDS_TRIAGE => SSSD 1.11.3
rhbz: => 0
rhbz: 0 =>
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1033096 (Red Hat Enterprise Linux 7)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1033096 1033096]
resolution: => fixed
status: new => closed
changelog: => The AD provider is able to resolve group memberships for groups with Global and Universal scope.
The initgroups (get groups for user) operation for users from trusted AD domains was mode reliable by reading the required tokenGroups attribute from LDAP instead of Global Catalog
Metadata Update from @sbose:
- Issue set to the milestone: SSSD 1.11.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.