Issue #2917: Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - sssd

SSSD / sssd

#2917 Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore

Closed: Fixed None Opened 8 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1296618

Description of problem:
Since the DNs in the SSSD cache differ from the DNs of the original objects
SSSD saves the original DN in attributes prefixed by 'original'. The is done
for the memberOf attributes of a user as well. If now e.g. from a AD user all
secondary group memberships are removed, i.e. the user is only member of the
primary group which is 'Domain Users' in the AD case, there are no memberOf
attributes in the original object anymore. In this case any existing
OriginalMemberOf attributes are not removed from the cache. This can be seen by
checking the cache entry with the ldbsearch utility.

jhrozek commented 8 years ago

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1296620 (Red Hat Enterprise Linux 6)

rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1296618 1296618] => [https://bugzilla.redhat.com/show_bug.cgi?id=1296618 1296618], [https://bugzilla.redhat.com/show_bug.cgi?id=1296620 1296620]

sbose commented 8 years ago

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
owner: somebody => sbose
review: True => 0
selected: =>
status: new => assigned
testsupdated: => 0

jhrozek commented 8 years ago

master: 9a2f018
sssd-1-13: 93b7582

Since the bug is fixed and cloned downstream, I also took the liberty of moving to sssd 1.13.4 milestone

milestone: NEEDS_TRIAGE => SSSD 1.13.4
resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.13.4

7 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3958

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

sbose

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

SSSD 1.13.4

type

defect

component

SSSD

version

None

selected

None

testsupdated

patch

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1296618, https://bugzilla.redhat.com/show_bug.cgi?id=1296620

design_review

review

changelog

None

keywords

None

coverity

None

mark

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#2917 Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore Closed: Fixed None Opened 8 years ago by jhrozek.

Metadata

#2917 Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore

Closed: Fixed None Opened 8 years ago by jhrozek.