#2928 NSS responder should negatively cache local users for a longer time
Closed: Fixed None Opened 8 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1294670

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

When libc calls initgroups for a user who is not a member of any supplementary groups, the initgroups lookup will proceed through all the other modules.

We should add an option that would allow to look up a user in files if it wasn't found through sssd and if the user is found then, store the user in a longer lived negative cache.

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
review: True => 0
selected: =>
testsupdated: => 0
version: => 1.13.3

Is it possible to have a local user as a member of an ldap group?

In RFC-2307 it is and we support it.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 alpha

Fields changed

summary: Local users with local sudo rules causes LDAP queries => NSS responder should negatively cache local users for a longer time

This would be a nice task for Petr.

owner: somebody => pcech

Fields changed

status: new => assigned

Fields changed

patch: 0 => 1


resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to pcech
- Issue set to the milestone: SSSD 1.14 alpha

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3969

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.