FreeIPA is configured with an AD trust; user bob is an Active Directory user.
Define an override for user bob which overrides the certificate:
$ echo $PASSWD | kinit admin
$ ipa idoverrideuser-add 'Default Trust View' bob@DOM-AD.COM --certificate=MII...
The call to D-Bus ListByCertificate should return user bob but doesn't:
$ sudo dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.ListByCertificate string:"$(cat cert.pem)" uint32:10
method return sender=:1.9 -> dest=:1.95 reply_serial=2
As a consequence, ipa certmap-match does not return the users with overrides.
Thanks for the bug report. Which exact version are you running? (The output of rpm -q sssd-common is probably best)
Hi, the version is sssd-common-1.15.2-15.el7.x86_64
Thank you, I can reproduce the issue now. It's something we need to fix very soon, so I'm adding it to the next milestone as critical.
Metadata Update from @jhrozek:
- Issue priority set to: critical
- Issue set to the milestone: SSSD 1.15.3
Metadata Update from @sbose:
- Issue assigned to sbose