Learn more about these different git repos.
Other Git URLs
FreeIPA configured with an AD trust, user bob is an active directory user. Define an override for user bob which overrides the certificate:
$ echo $PASSWD | kinit admin $ ipa idoverrideuser-add 'Default Trust View' bob@DOM-AD.COM --certificate=MII...
The call to Dbus ListByCertificate should return user bob but doesn't:
$ sudo dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.ListByCertificate string:"$(cat cert.pem)" uint32:10 method return sender=:1.9 -> dest=:1.95 reply_serial=2 array [ ]
As a consequence, ipa certmap-match does not return the users with overrides.
Thanks for the bug report. Which exact version are you running? (The output of rpm -q sssd-common is probably best)
Hi, the version is sssd-common-1.15.2-15.el7.x86_64
Thank you, I can reproduce the issue now. It's something we need to fix very soon, so I'm adding it to the next milestone as critical.
Metadata Update from @jhrozek: - Issue priority set to: critical - Issue set to the milestone: SSSD 1.15.3
Metadata Update from @sbose: - Issue assigned to sbose
Metadata Update from @sbose: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1446139
Issue linked to Bugzilla: Bug 1446139
Metadata Update from @sbose: - Custom field patch adjusted to on - Custom field rhbz reset (from https://bugzilla.redhat.com/show_bug.cgi?id=1446139)
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4403
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.