#2948 Handle overridden name of members in the memberUid attribute
Closed: Fixed None Opened 3 years ago by jhrozek.

Currently, when an AD user's name is overridden in the default trust view, getgr* requests still report the original name:

$ getent passwd administrator@win.trust.test
admin_from_parent@win.trust.test:*:962400500:962400500:Administrator:/home/win.trust.test/administrator:
$ getent group admins@win.trust.test
admins@win.trust.test:*:962410634:administrator@win.trust.test

This is because the memberUid attribute is generated when the user is added, before the overrides are applied. We need to rename the entry when the login override is applied because the memberUid is only generated based on the user's name attribute.
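A check for the mismatch described above, as an added example that is not part of the ticket or of SSSD: it flags group members whose listed name differs from the name a passwd lookup returns. The function names and the `sample_resolve` stand-in are assumptions, the sample lines are the ticket's own getent output, and names are compared exactly (case-sensitively).

```python
import pwd

# getent output as shown in the ticket (before the fix).
SAMPLE_GROUP = "admins@win.trust.test:*:962410634:administrator@win.trust.test"
SAMPLE_PASSWD = ("admin_from_parent@win.trust.test:*:962400500:962400500:"
                 "Administrator:/home/win.trust.test/administrator:")


def nss_resolve(name):
    """Canonical login name as NSS reports it (KeyError if unknown)."""
    return pwd.getpwnam(name).pw_name


def parse_group(line):
    """Split a getent group line into (name, gid, [members])."""
    name, _passwd, gid, members = line.rstrip("\n").split(":", 3)
    return name, int(gid), [m for m in members.split(",") if m]


def stale_members(group_line, resolve=nss_resolve):
    """Return [(listed, canonical_or_None)] for members whose listed name
    is not the name a passwd lookup of that member returns."""
    _name, _gid, members = parse_group(group_line)
    findings = []
    for listed in members:
        try:
            canonical = resolve(listed)
        except KeyError:
            canonical = None  # member does not resolve at all
        if canonical != listed:
            findings.append((listed, canonical))
    return findings


def sample_resolve(name):
    """Stand-in for NSS built from the ticket's passwd line: both the
    original AD name and the override resolve to the overridden name."""
    override = SAMPLE_PASSWD.split(":", 1)[0]
    table = {"administrator@win.trust.test": override, override: override}
    return table[name]


if __name__ == "__main__":
    for listed, canonical in stale_members(SAMPLE_GROUP, sample_resolve):
        print(f"{listed} is listed in the group but resolves to {canonical}")
```

On a live host, call `stale_members(line)` with each line of `getent group` output so the default resolver queries NSS.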


Fields changed

owner: somebody => jhrozek
status: new => assigned

I think renaming is not a good idea. Either the memberUID generation should be enhanced to cover this case or the usage of memberUID should be dropped completely.

I would prefer to drop it. It was originally added as a performance improvement before the memory cache was introduced. At this time every getgrnam() and getgrgid() call hit the nss responder which had to resolve all group members, so having the list of results already in the group object made sense. Nowadays most of the requests will be answered from the memory cache and imo it is acceptable that the few requests hitting the nss responder will require some additional searches.

Fields changed

cc: => sbose

It would be great to remove the memberUid attribute along with the plugin, but in the short term we can remove the old entry and re-add the new name.

So far moving to 1.14 alpha, we can move to 1.13 if we see this is affecting users of the compat tree, because those rely on the getgrnam output.

milestone: NEEDS_TRIAGE => SSSD 1.14 alpha

Bugfixes shouldn't block the Beta release.

milestone: SSSD 1.14 alpha => SSSD 1.14.0

So far nobody complained about this bug and we need to keep the 1.14.0 release smaller. But since there is a fix, only moving to the small 1.15 release.

milestone: SSSD 1.14.0 => SSSD 1.15 Beta

Fields changed

patch: 0 => 1

milestone: SSSD 1.15 Beta => SSSD 1.14.1
resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.14.1

2 years ago
