#2412 Error processing universal groups with cross-domain membership in SSSD server mode
Closed: Fixed None Opened 6 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1131636

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

To reproduce:

1) establish a trust relationship between IPA and AD forest. The AD forest must have at least two trusted domains.
2) Add a universal group to AD. Add members from both AD domains
3) On the IPA server, run:
getent group universalgroup@ad.domain

With the current git master, the group cannot be resolved. SSSD hits a referral following the trusted domain.

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.12.1
review: True => 0
selected: =>
testsupdated: => 0

Mass-moving all tickets that didn't make 1.12.1 into 1.12.2

milestone: SSSD 1.12.1 => SSSD 1.12.2

Fields changed

owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.2

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3454

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata