Issue #3613: auto_private_groups does not work with trusted domains with direct AD integration - sssd

SSSD / sssd

#3613 auto_private_groups does not work with trusted domains with direct AD integration

Closed: Fixed 6 years ago Opened 6 years ago by jhrozek.

It turns out that I totally forgot about trusted domains for direct integration. Currently they do not work the same way as the joined domain, so if I select auto_private_groups for the main domain, I get:

$ getent passwd puser(a)win.trust.test 
puser@win.trust.test:*:10000:10000:puser:/home/puser:/bin/sh

-- OK, both values are the same here. But:

$ getent passwd childuser(a)child.win.trust.test childuser@child.win.trust.test:*:30000:40000:childuser:/home/childuser@child.win.trust.test:/bin/bash

-- the user private group is not generated here.

I must have thought that subdomains with direct integration always use the private groups, but it's only true for ID mapping... Luckily we haven't released 1.16.1 yet, so I would like to just change the semantics of the auto_private_groups option to also affect trusted domains. If someone wants per-subdomain granularity, I would later prefer to make the option valid for the subdomain sections, but for the most part, I suspect that users will want all or nothing.

Metadata Update from @jhrozek:
- Issue tagged with: bug

6 years ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1327705

6 years ago

jhrozek commented 6 years ago

Issue linked to Bugzilla: Bug 1327705

Metadata Update from @jhrozek:
- Issue assigned to jhrozek

6 years ago

jhrozek commented 6 years ago

PR: https://github.com/SSSD/sssd/pull/491

Metadata Update from @jhrozek:
- Issue tagged with: PR

6 years ago

lslebodn commented 6 years ago

master:

29ebf45

Metadata Update from @lslebodn:
- Issue close_status updated to: Fixed
- Issue set to the milestone: SSSD 1.16.1
- Issue status updated to: Closed (was: Open)

6 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4634

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

jhrozek

Tags

Blocking

None

Depending on

None

Priority

None

Milestone

SSSD 1.16.1

type

None

component

None

version

None

selected

None

testsupdated

None

patch

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1327705

design_review

None

review

None

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#3613 auto_private_groups does not work with trusted domains with direct AD integration Closed: Fixed 6 years ago Opened 6 years ago by jhrozek.

Metadata

PR bug

#3613 auto_private_groups does not work with trusted domains with direct AD integration

Closed: Fixed 6 years ago Opened 6 years ago by jhrozek.