Learn more about these different git repos.
Other Git URLs
From the downstream bugzilla: Sumit Bose 2015-09-21 04:13:57 EDT
I think checking against the LDAP port make sense as well, the user might have configured to use POSIX attributes in SSSD although there are none defined in AD.
I did some checks with the AD GUI and it looks like -2 cannot be entered. But there are some migration utilities which read NIS databases and put the data in the AD LDAP tree, maybe here there sre not such strict checks. Iirc -1 was often used as the UID of 'nobody' and -2 as the GID of 'nogroup'. They were transparently translated to the maximal and second maximal ID value on the system.
Maybe we can relax the check a bit and be happy if we find a UID or GID attribute at all? To make this more reliable we might want to improve the filter which is currently only '(|(uidNumber=)(gidNumber=))' by adding the objectclasses for user and group objects as well?
Fields changed
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 owner: somebody => preichl review: True => 0 selected: => testsupdated: => 0
patch: 0 => 1
This is hitting customers upgrading from 1.10 or earlier to 1.11 in case their POSIX attributes are funky. Should be a blocker for 1.13.2.
We already have positive feedback about Pavel's patch.
priority: major => critical
milestone: NEEDS_TRIAGE => SSSD 1.13.2
resolution: => fixed status: new => closed
Metadata Update from @jhrozek: - Issue assigned to preichl - Issue set to the milestone: SSSD 1.13.2
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3841
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Log in to comment on this ticket.