#3127 SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side
Closed: Fixed None Opened 6 years ago by jhrozek.

Most AD users store their UPN in an attribute. If they don't, or the sssd was configured (typically in earlier versions to work around a bug) to not look at the principal attribute, then sssd is supposed to guess the attribute.

That currently doesn't work in 1.14, because the username is already qualified and then we also append the realm name to it. We need to parse the simple username from the qualified name first.

Fields changed

owner: somebody => jhrozek
status: new => assigned

Fields changed

patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14.1

This ticket still needs a code-review, moving to 1.14.2

milestone: SSSD 1.14.1 => SSSD 1.14.2


Thus bug is only in 1.14 branch

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.14.2

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4160

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.