#2385 ad: group membership is empty when id mapping is off and tokengroups are enabled
Closed: Fixed None Opened 5 years ago by pbrezina.

When id_provider=ad, id mapping is off but tokengroups are used the first initgroups attempt yields empty membership (only primary group is shown). The successive initgroups works correctly.

  • SIDs are acquired correctly from tokengroups
  • if SID is already in the cache the membership is updated
  • missing SIDs are downloaded but membership is not updated

Reported by jhodrien on IRC.


Fields changed

description: When id_provider=ad, id mapping is off but tokengroups are used the first initgroups attempt yields empty membership (only primary group is shown). The successive initgroups works correctly.

  • SIDs are acquired correctly from tokengroups
  • if SID is already in the cache the membership is updated
  • missing SIDs are downloaded but membership is not updated
    => When id_provider=ad, id mapping is off but tokengroups are used the first initgroups attempt yields empty membership (only primary group is shown). The successive initgroups works correctly.

  • SIDs are acquired correctly from tokengroups

  • if SID is already in the cache the membership is updated
  • missing SIDs are downloaded but membership is not updated

Reported by jhodrien on IRC.

Fields changed

owner: somebody => pbrezina
status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.7

Metadata Update from @pbrezina:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.11.7

2 years ago

Login to comment on this ticket.

Metadata