#2928 NSS responder should negatively cache local users for a longer time
Closed: Fixed None Opened 4 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1294670

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

When libc calls initgroups for a user who is not a member of any supplementary groups, the initgroups lookup will proceed through all the other modules.

We should add an option that would allow to look up a user in files if it wasn't found through sssd and if the user is found then, store the user in a longer lived negative cache.

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
review: True => 0
selected: =>
testsupdated: => 0
version: => 1.13.3

Is it possible to have a local user as a member of an ldap group?

In RFC-2307 it is and we support it.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 alpha

Fields changed

summary: Local users with local sudo rules causes LDAP queries => NSS responder should negatively cache local users for a longer time

This would be a nice task for Petr.

owner: somebody => pcech

Fields changed

status: new => assigned

Fields changed

patch: 0 => 1


resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to pcech
- Issue set to the milestone: SSSD 1.14 alpha

2 years ago

Login to comment on this ticket.