Learn more about these different git repos.
Other Git URLs
SSSD is hooked to an LDAP database of two users, using rfc2307bis schema:
user1 is a member of cn=Staff,ou=Unit1,dc=domain user2 is a member of cn=Staff,ou=Unit2,dc=domain
While investigating why SSSD would mix up the group memberships of user1 and user2 in certain circumstances, SSSD developer Pavel was very helpful and pointed out that the cache can only see "cn=Staff", hence two groups share the same object in SSSD cache, causing unpredictable response in group membership query.
While the LDAP database setup is indeed unusual, I have seen it implemented in real scenarios, hence it would be very useful if SSSD could support the setup.
See Ticket #2923 for the complete discussion and setup details.
Maybe we could do this in the dbus API, but I don't think this is possible to do in the NSS API, because functions like getpwnam or getgrnam just take a name as input, so we don't really have a way to distinguish the two..
Please note that in the LDAP database, user1 directly belongs to cn=Staff,ou=Unit1, but cn=Staff is not a posixGroup. cn=Staff is a member of cn=All1, which is a posixGroup.
Could SSSD figure out that user1's posixGroup is cn=All1 (instead of cn=Staff), and cache cn=All1 instead of cn=Staff?
Fields changed
rhbz: => todo
Right, but we still save the groups to the cache where we don't handle the same names at the moment..
milestone: NEEDS_TRIAGE => SSSD Deferred
Metadata Update from @howardg: - Issue set to the milestone: SSSD Patches welcome
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Metadata Update from @pbrezina: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3985
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.