#3282 Group renaming issue when "id_provider = ldap" is set.

Created 3 months ago by jhrozek
Modified 2 months ago

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1401241

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:

Group renaming issue when "id_provider = ldap" is set.

In LDAP/Active Directory, if a group is renamed but retains the same gidNumber,
then on the LDAP client, after cache expiry, only the gidNumber is displayed for
the user; the new group name is not displayed.

Version-Release number of selected component (if applicable):

sssd-1.9.2-129 and also 1.13.3

How reproducible:


Steps to Reproduce from latest case:

1) Create a test AD group (for example unixtest99) and test with the groups

   [user@server ~]$ groups
   Domain Linux Users Marketing unixtest99

2) Change the name of the group (from unixtest99 to unixtest04)

3) After some time, check the groups again and see that it is not resolving to
the new name:

   [user@server ~]$ groups
   Domain Linux Users Marketing groups: cannot find name for group ID 10040

In short, if there are any changes to an AD group name, the customer has to
refresh the sssd cache, which may not scale well on a large system.

Actual results:
group name isn't returned

Expected results:
new group name is returned

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
owner: somebody => fidencio
patch: => 1
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14.3

2 months ago

Metadata Update from @jhrozek:
- Issue assigned to fidencio
- Issue set to the milestone: SSSD 1.14.3
