Issue #2407: simple_allow_groups does not lookup groups from other AD domains - sssd

SSSD / sssd

#2407 simple_allow_groups does not lookup groups from other AD domains

Closed: Fixed None Opened 9 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1125187

Description of problem:
simple_allow_groups does not lookup groups from other AD domains

Version-Release number of selected component (if applicable):
sssd-1.11.6-12.el6

How reproducible:
Always

Steps to Reproduce:
1. sssd configured for ad provider. primary domain=sssdad.com
[domain/sssdad.com]
id_provider = ad
debug_level = 0xFFF0
use_fully_qualified_names = True
access_provider = simple
simple_allow_groups=group1_dom3@child1.sssdad.com

2. Lookup the child domain group
# getent group group1_dom3@child1.sssdad.com
group1_dom3@child1.sssdad.com:*:1184401714:user1_dom3@child1.sssdad.com

3. # ssh -l user1_dom3@child1.sssdad.com localhost
user1_dom3@child1.sssdad.com@localhost's password:
Connection closed by ::1

Actual results:
Access is denied

Domain log shows:
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]]
[simple_check_get_groups_primary] (0x0040): Could not look up primary group
[1184401711]: [2][No such file or directory]
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]]
[simple_check_get_groups_send] (0x0400): All groups had name attribute
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]] [simple_access_check_done]
(0x2000): Group check done
(Thu Jul 31 05:07:32 2014) [sssd[be[sssdad.com]]] [simple_access_check_recv]
(0x1000): Access not granted

Expected results:
Access should be permitted

Additional info:

jhrozek commented 9 years ago

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => preichl
review: True => 0
selected: =>
testsupdated: => 0

jhrozek commented 9 years ago

As agreed on the Aug-14 meeting, moving to the 1.11.6 milestone

milestone: NEEDS_TRIAGE => SSSD 1.11.7

lslebodn commented 9 years ago

Fields changed

owner: preichl => lslebodn

lslebodn commented 9 years ago

Fields changed

status: new => assigned

lslebodn commented 9 years ago

Fields changed

patch: 0 => 1

jhrozek commented 9 years ago

master:
- 99f53d5
- 174e9ec
- 21f2821
sssd-1-11:
- 414f520
- 6656b81
- 97e5ea0

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.11.7

7 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3449

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

lslebodn

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

SSSD 1.11.7

type

defect

component

SSSD

version

None

selected

None

testsupdated

patch

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1125187

design_review

review

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#2407 simple_allow_groups does not lookup groups from other AD domains Closed: Fixed None Opened 9 years ago by jhrozek.

Metadata

#2407 simple_allow_groups does not lookup groups from other AD domains

Closed: Fixed None Opened 9 years ago by jhrozek.