#2474 AD: do not override existing home-dir or shell if they are not available in the global catalog
Closed: Fixed 2 months ago by jhrozek. Opened 4 years ago by sbose.

By default we look up AD users via the LDAP port because not all attributes might be available in the global catalog.

During initgroups requests the GC is used as well to resolve forest-wide group memberships. We have to make sure that existing data from LDAP requests like home-dir and shell are not deleted because they are not available in the GC.
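The behaviour requested in this ticket, as an added illustration (not SSSD code; the function names, cache keys and sample entries are hypothetical and constructed for this example). It contrasts a cache update that lets a GC reply replace the whole entry with one that treats attributes missing from a GC reply as unknown rather than deleted.

```python
from enum import Enum

class Source(Enum):
    LDAP = "ldap"  # domain controller LDAP port: full attribute set
    GC = "gc"      # global catalog: only some attributes are replicated

# Assumption: the cache keys that may be missing from a GC reply,
# named after the two attributes in the ticket title.
GC_MAY_LACK = frozenset({"homedir", "shell"})

def naive_update(cached, fetched, source):
    """The behaviour the ticket reports: the newest reply replaces the entry."""
    return dict(fetched)

def merge_update(cached, fetched, source):
    """Keep LDAP-sourced values that a GC reply simply cannot carry."""
    merged = dict(fetched)
    if source is Source.GC:
        for attr in GC_MAY_LACK:
            # Absent from the GC reply means "unknown", not "deleted".
            if attr not in fetched and attr in cached:
                merged[attr] = cached[attr]
    # For Source.LDAP an absent attribute really was removed on the server,
    # so nothing is carried over.
    return merged

# Constructed sample data.
CACHED = {"name": "alice", "homedir": "/home/alice", "shell": "/bin/zsh",
          "groups": ["domain users"]}
GC_REPLY = {"name": "alice", "groups": ["domain users", "forest admins"]}
LDAP_REPLY = {"name": "alice", "homedir": "/home/alice",
              "groups": ["domain users"]}  # shell removed on the server

if __name__ == "__main__":
    print("naive :", naive_update(CACHED, GC_REPLY, Source.GC))
    print("merged:", merge_update(CACHED, GC_REPLY, Source.GC))
    print("ldap  :", merge_update(CACHED, LDAP_REPLY, Source.LDAP))
```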


As Sumit noted, there is a workaround, moving to 1.13

milestone: NEEDS_TRIAGE => SSSD 1.13 beta

Fields changed

rhbz: => todo

Fields changed

milestone: SSSD 1.13 beta => NEEDS_TRIAGE

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.13 backlog

This would get implemented when we don't use GC except for by-SID lookups and universal groups.

milestone: SSSD 1.13 backlog => SSSD 1.14 beta
sensitive: => 0

Replying to [comment:6 jhrozek]:

> This would get implemented when we don't use GC except for by-SID lookups and universal groups.

Which is a stretch goal for 1.14, so I'm moving this ticket to the backlog.

milestone: SSSD 1.14 beta => SSSD 1.14 backlog

Since the 1.14 branch is transitioning into maintenance mode and new functionality is being developed in master which will become 1.15 eventually, I'm mass-moving tickets from the 1.14 backlog milestone to the "Future releases" milestone.

milestone: SSSD 1.14 backlog => SSSD Future releases (no date set yet)

Metadata Update from @sbose:
- Issue set to the milestone: SSSD Future releases (no date set yet)

2 years ago

Metadata Update from @sbose:
- Issue close_status updated to: None

2 months ago

Commit 3cb9a3d relates to this ticket

Commit b2352a0 relates to this ticket

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1 (was: SSSD Future releases (no date set yet))

2 months ago

I'm explicitly not closing the ticket - @sbose, do you think there is more work to be done and the ticket should be kept open or can be closed? What about the two linked bugzillas?

Hi,

I think the patch solves the issue covered by this ticket and also the 2 attached bugzilla tickets by just doing an LDAP instead of a GC lookup.

Since there is https://pagure.io/SSSD/sssd/issue/3538 to rethink how to use the Global catalog in general I think this ticket can be closed.

bye,
Sumit

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 months ago
