#3373 Infopipe method ListByCertificate does not return the users with overrides

Created 6 days ago by frenaud
Modified 2 days ago

FreeIPA configured with an AD trust, user bob is an active directory user.
Define an override for user bob which overrides the certificate:

$ echo $PASSWD | kinit admin
$ ipa idoverrideuser-add 'Default Trust View' bob@DOM-AD.COM --certificate=MII...

The call to Dbus ListByCertificate should return user bob but doesn't:

$ sudo dbus-send --system --print-reply  --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.ListByCertificate string:"$(cat cert.pem)" uint32:10
method return sender=:1.9 -> dest=:1.95 reply_serial=2
   array [

As a consequence, ipa certmap-match does not return the users with overrides.

Thanks for the bug report. Which exact version are you running? (The output of rpm -q sssd-common is probably best)

Hi, the version is sssd-common-1.15.2-15.el7.x86_64

Thank you, I can reproduce the issue now. It's something we need to fix very soon, so I'm adding it to the next milestone as critical.

4 days ago

Metadata Update from @jhrozek:
- Issue priority set to: critical
- Issue set to the milestone: SSSD 1.15.3

2 days ago

Metadata Update from @sbose:
- Issue assigned to sbose

Login to comment on this ticket.