Learn more about these different git repos.
Other Git URLs
SSSD fails to filter out the child domain it is connected to when domain flatname is used instead of fully qualified domain name in sssd.conf, this leads to creation of an empty subdomain.
Reproducer: Join SSSD to child AD domain such as 'WINCHLD.AD.JSTEPHEN' with the following configuration(Parent domain is AD.JSTEPHEN):
[sssd] domains = winchld ... [domain/winchld] ... ad_domain = WINCHLD.AD.JSTEPHEN krb5_realm = WINCHLD.AD.JSTEPHEN
Try to resolve user in joined-to winchld domain and check the subdomains which get created.
[sssm_ad_subdomains_init] (0x2000): Initializing AD subdomains handler [new_subdomain] (0x0400): Creating [AD.JSTEPHEN] as subdomain of [winchld]! [ad_subdomains_process] (0x0400): Enabling subdomain WINCHLD.AD.JSTEPHEN [new_subdomain] (0x0400): Creating [WINCHLD.AD.JSTEPHEN] as subdomain of [winchld]! [ad_subdomains_refresh_done] (0x0400): Subdomains refreshed.
Downstream(1.13) this fails and leads to confusing log messages in the domain log:
[sdap_search_user_process] (0x0400): Search for users, returned 1 results. [sdap_get_users_done] (0x0040): Failed to retrieve users
Upstream, the user resolution works because cache_req falls back to trying other domains.
[cache_req_set_domain] (0x0400): CR #0: Using domain [WINCHLD.AD.JSTEPHEN] [cache_req_select_domains] (0x0400): CR #0: Performing a multi-domain search [cache_req_set_domain] (0x0400): CR #0: Using domain [winchld]
Thanks for the ticket. Is this request for a downstream version that will stay on 1.13 or for one that will get 1.15 in the next update?
@jhrozek I guess upstream assuming that is the preferred route, the downstream workaround to use the fully-qualified domain name is sufficient for the person who encountered this bug in 1.13
Metadata Update from @lslebodn: - Issue assigned to jstephen
https://github.com/SSSD/sssd/pull/230
Metadata Update from @jstephen: - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4395
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.