Issue #2345: tokengroups do not work with id_provider=ldap - sssd - Pagure.io

SSSD / sssd

#2345 tokengroups do not work with id_provider=ldap

Closed: Fixed None Opened 9 years ago by jhrozek.

Currently with id_provider=ldap and ldap_schema=ad I'm seeing:

(Mon Jun  2 13:37:05 2014) [sssd[be[AD-LDAP]]] [sdap_ad_tokengroups_initgr_mapping_send] (0x0020): No ID ctx available for [AD-LDAP].

We need to solve this bug because:
1. This is a regression. There are existing users running this setup, we've received bugs from them in the past
2. There is a layering violation in the AD provider. The file src/providers/ldap/sdap_async_initgroups_ad.c includes providers/ad/ad_common.h. We should not include headers from either IPA or AD provider in the plain LDAP provider.

I would argue that the tokenGroups should have been included in the AD provider only and not the LDAP provider because it's too AD specific anyway, but I'm not sure if we can revert that now..

jhrozek commented 9 years ago

According to the code, this bug also hits deployments with ldap_schema=rfc2307bis, the TG support is autodetected from the rootDSE. That makes the priority of this bug higher..

priority: major => blocker

preichl commented 9 years ago

Fields changed

owner: somebody => preichl

dpal commented 9 years ago

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.7
rhbz: => todo

preichl commented 9 years ago

Fields changed

patch: 0 => 1

jhrozek commented 9 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1120508

rhbz: todo => [https://bugzilla.redhat.com/show_bug.cgi?id=1120508 1120508]

jhrozek commented 9 years ago

master:
- 1614e1b
- b12e250
sssd-1-11:
- 5001bab
- deb0cc8

resolution: => fixed
status: new => closed

jhrozek commented 9 years ago

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1146541 (Red Hat Enterprise Linux 7)

rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1120508 1120508] => [https://bugzilla.redhat.com/show_bug.cgi?id=1120508 1120508], [https://bugzilla.redhat.com/show_bug.cgi?id=1146541 1146541]

Metadata Update from @jhrozek:
- Issue assigned to preichl
- Issue marked as blocked by: #2447
- Issue set to the milestone: SSSD 1.11.7

7 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3387

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata

Assignee

Tags

None

Blocking

None

Depending on

#2447

AD Provider crashes when looking up the "Domain Users" group

Priority

blocker

Milestone

SSSD 1.11.7

type

defect

component

SSSD

version

1.11.5.1

selected

None

testsupdated

0

patch

1

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1120508, https://bugzilla.redhat.com/show_bug.cgi?id=1146541

design_review

0

review

0

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

cc

None

blockedby

None

feature_milestone

None

Powered by Pagure 5.13.3

Documentation • File an Issue • About • SSH Hostkey/Fingerprint

© Red Hat, Inc. and others.