Learn more about these different git repos.
Other Git URLs
Right now, in Fleet Commander, we can create a profile and assign that profile to a single user. That profile should be assigned to that user whatever the host he logs in.
Right now, the way FreeIPA and SSSD works is that profile is not being applied unles you specify a valid host for the profile. We have worked that around creating a group with all hosts in it and an automember rule for adding all new hosts to that group. Then fleet commander handles it under the hood so the user does not have to specify any host/hostgroup to get that behavior.
After me and @aruiz were talking with @abbra and @fidencio they explained the way SSSD works is to not retrieve anything not related to the host it is running, and @abbra suggested some kind of ACL development to allow the behavior we exposed.
So this bug is mainly to discuss the options for getting that behavior and ask for the implementation.
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.0
There are several aspects here:
I've talked to @abbra on IRC and the SSSD part of this feature request is already implemented.
I'll keep this bug opened till the Fleet Commander patches get merged and till https://github.com/abbra/freeipa-desktop-profile/issues/3 is resolved.
Metadata Update from @fidencio: - Issue assigned to fidencio
Part of https://github.com/SSSD/sssd/pull/241
Metadata Update from @fidencio: - Custom field patch adjusted to on
Sorry, if this is part of the PR under review, then we should move this to 1.15.4..
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.15.4 (was: SSSD 1.16.0) - Issue tagged with: PR
Metadata Update from @jhrozek: - Issue priority set to: major
@fidencio for now I'm moving the ticket to 1.16.1, but please let me know if that is the right milestone or if we should close the ticket or move it elsewhere
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.1 (was: SSSD 1.15.4)
This issue had been fixed by @abbra by updating the ACLs on freeipa-desktop-profiles (https://github.com/abbra/freeipa-desktop-profile/commit/194ca4410ffcdcafa3f870ff4513649e273649ea) and AFAIK @fidencio did the modifications needed in SSSD to work with that.
@ogutierrez, I did the fix, indeed. But I'd like to only close this bug when your changes on FleetCommander side are done and you get back to us saying that both mine and @abbra changes are working as expected.
I completely lost track of this. I tested the fix and it worked perfectly. In fact, I added the patch to FLeet Commander maybe one or two weeks after your modifications and I thing I reported back on IRC but not here.
It is already done and tested, and it is working like a charm.
Okay, so I'm closing the ticket as the fix was part of https://github.com/SSSD/sssd/pull/241
Metadata Update from @fidencio: - Issue close_status updated to: Fixed - Issue set to the milestone: SSSD 1.16.0 (was: SSSD 1.16.1) - Issue status updated to: Closed (was: Open)
Metadata Update from @fidencio: - Issue status updated to: Open (was: Closed)
Seems that this issue was not actually fixed as Oliver just found out a crash happening when user category or host category is set.
Here's the PR: https://github.com/SSSD/sssd/pull/495
I've tested the fix built by Fabiano for this PR and now it worked perfectly.
Thanks for the work done on this.
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1538643
Issue linked to Bugzilla: Bug 1538643
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4476
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.