#2412 Error processing universal groups with cross-domain membership in SSSD server mode
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1131636

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

To reproduce:

1) establish a trust relationship between IPA and AD forest. The AD forest must have at least two trusted domains.
2) Add a universal group to AD. Add members from both AD domains
3) On the IPA server, run:
getent group universalgroup@ad.domain

With the current git master, the group cannot be resolved. SSSD hits a referral following the trusted domain.

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.12.1
review: True => 0
selected: =>
testsupdated: => 0

Mass-moving all tickets that didn't make 1.12.1 into 1.12.2

milestone: SSSD 1.12.1 => SSSD 1.12.2

Fields changed

owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.2

3 years ago

Login to comment on this ticket.