Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1565761
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem: Some SID which are well known & static should not be lookup in AD example https ://support.microsoft.com/en-in/help/243330/well-known-security-identifiers-in-w indows-operating-systems lookups of these well-known SIDs should not be necessary (due to the static nature, the data could be buillt-on for faster lookups) We see entries like [sdap_ad_tokengroups_get_posix_members] (0x0080): Domain not found for SID S-1-5-32-573 Grep for identical entries reveals the full list of well-known SIDs with logs entries as follows: S-1-5-32-545 S-1-5-32-548 S-1-5-32-549 S-1-5-32-550 S-1-5-32-551 S-1-5-32-555 S-1-5-32-573
Looks this code will fix the issue: sdap_ad_save_group_membership_with_idmapping(){ ./src/providers/ldap/sdap_async_initgroups_ad.c const char domptr; const char nameptr; if(well_known_sid_to_name(sid,&domptr, &nameptr) != EOK){ <<<<<<< domain = sss_get_domain_by_sid_ldap_fallback(user_dom, sid); if (domain == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, "Domain not found for SID %s\n", sid); continue; } } <<<<<<< }
But need to test it.
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.2 - Issue tagged with: easyfix
@amitkumar25nov yes, I think something like this, although I think it might be better to only call the well_known function in the fail handler to avoid printing the debug message, otherwise we would convert the sid to name needlessly.
It might be cleanest to add is_well_known_sid function, but I'm not sure if it's worth extending the API because of this single use-case..
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1565761
Issue linked to Bugzilla: Bug 1565761
Metadata Update from @jhrozek: - Issue tagged with: PR, bug
https://github.com/SSSD/sssd/pull/589
Metadata Update from @jhrozek: - Issue assigned to jhrozek
Metadata Update from @jhrozek: - Issue priority set to: minor
master: df8e105
Metadata Update from @fidencio: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4720
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.