#3127 SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side
Closed: Fixed None Opened 2 years ago by jhrozek.

Most AD users store their UPN in an attribute. If they don't, or the sssd was configured (typically in earlier versions to work around a bug) to not look at the principal attribute, then sssd is supposed to guess the attribute.

That currently doesn't work in 1.14, because the username is already qualified and then we also append the realm name to it. We need to parse the simple username from the qualified name first.


Fields changed

owner: somebody => jhrozek
status: new => assigned

Fields changed

patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14.1

This ticket still needs a code-review, moving to 1.14.2

milestone: SSSD 1.14.1 => SSSD 1.14.2

master:
0302e3e

Thus bug is only in 1.14 branch

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.14.2

2 years ago

Login to comment on this ticket.

Metadata