Learn more about these different git repos.
Other Git URLs
It turns out that I totally forgot about trusted domains for direct integration. Currently they do not work the same way as the joined domain, so if I select auto_private_groups for the main domain, I get:
$ getent passwd puser(a)win.trust.test puser@win.trust.test:*:10000:10000:puser:/home/puser:/bin/sh
-- OK, both values are the same here. But:
$ getent passwd childuser(a)child.win.trust.test childuser@child.win.trust.test:*:30000:40000:childuser:/home/childuser@child.win.trust.test:/bin/bash
-- the user private group is not generated here.
I must have thought that subdomains with direct integration always use the private groups, but it's only true for ID mapping... Luckily we haven't released 1.16.1 yet, so I would like to just change the semantics of the auto_private_groups option to also affect trusted domains. If someone wants per-subdomain granularity, I would later prefer to make the option valid for the subdomain sections, but for the most part, I suspect that users will want all or nothing.
Metadata Update from @jhrozek: - Issue tagged with: bug
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1327705
Issue linked to Bugzilla: Bug 1327705
Metadata Update from @jhrozek: - Issue assigned to jhrozek
PR: https://github.com/SSSD/sssd/pull/491
Metadata Update from @jhrozek: - Issue tagged with: PR
master:
Metadata Update from @lslebodn: - Issue close_status updated to: Fixed - Issue set to the milestone: SSSD 1.16.1 - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4634
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.