#2345 tokengroups do not work with id_provider=ldap
Closed: Fixed None Opened 5 years ago by jhrozek.

Currently with id_provider=ldap and ldap_schema=ad I'm seeing:

(Mon Jun  2 13:37:05 2014) [sssd[be[AD-LDAP]]] [sdap_ad_tokengroups_initgr_mapping_send] (0x0020): No ID ctx available for [AD-LDAP].

We need to solve this bug because:
1. This is a regression. There are existing users running this setup; we've received bugs from them in the past.
2. There is a layering violation in the AD provider. The file src/providers/ldap/sdap_async_initgroups_ad.c includes providers/ad/ad_common.h. We should not include headers from either IPA or AD provider in the plain LDAP provider.

I would argue that the tokenGroups should have been included in the AD provider only and not the LDAP provider because it's too AD-specific anyway, but I'm not sure if we can revert that now.

According to the code, this bug also hits deployments with ldap_schema=rfc2307bis; the TG support is autodetected from the rootDSE. That makes the priority of this bug higher.

priority: major => blocker

Fields changed

owner: somebody => preichl

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.7
rhbz: => todo

Fields changed

patch: 0 => 1

- 1614e1b
- b12e250
- 5001bab
- deb0cc8

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to preichl
- Issue marked as blocked by: #2447
- Issue set to the milestone: SSSD 1.11.7

2 years ago
