Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1176502
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem: the ldap search is run for posix groups (gidNumber has to be present). But sssd does not do any ldap lookups for the non posix groups it only looks them up in the cache - which does not work. ~~~ ~~~ Version-Release number of selected component (if applicable): The log excerpt above is from sssd-1.9.2-129.el6.x86_64 However I have verified that the bug exists on sssd-1.11.6-30.el6_6.3.x86_64 How reproducible: Always Steps to Reproduce: This was tested against an AD IMU LDAP backend. ad_admins is a posix group from ldap with nested non posix groups. 0. enumerate = true # in sssd.conf domain section 1. service sssd stop; rm /var/lib/sss/db/cache_EXAMPLE.COM.ldb /var/lib/sss/db/ccache_EXAMPLE.COM; service sssd start 2. getent group ad_admins # does not list group members from nested groups 3. sss_cache -G # get rid of cache populated by enum 4. getent group ad_admins # lists group members - as backend uses the non enum code path. Actual results: Nested non posix group members are not listed. Expected results: Nested non posix group members are listed. Additional info: See additional comments and attachments.
As discussed on our last team meeting, moving to 1.14 beta.
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 milestone: NEEDS_TRIAGE => SSSD 1.14 beta review: True => 0 selected: => testsupdated: => 0
Fields changed
priority: major => minor sensitive: => 0
I think we should move this ticket to deferred, but I would also like to run this request past the rest of the devel team, therefore moving to triage.
milestone: SSSD 1.14 beta => NEEDS_TRIAGE
Upstream has no plans on making enumeration work with non-posix groups as well.
Closing.
resolution: => wontfix status: new => closed
Metadata Update from @jhrozek: - Issue set to the milestone: NEEDS_TRIAGE
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3594
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.