#3764 SSSD searches IPA users in Default Trust View
Closed: cloned-to-github 2 months ago by pbrezina. Opened 2 years ago by abbra.

Default Trust View in FreeIPA is designed to contain only users and groups from trusted domains. It makes zero sense to search overrides for the users from the primary IPA domain in it:

(Sat Jun 23 10:38:36 2018) [sssd[be[xs.ipa.cool]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:xs.ipa.cool:86f707d6-76c0-11e8-99bc-001a4a62eb77))][cn=Default Trust View,cn=views,cn=accounts,dc=xs,dc=ipa,dc=cool].

Note that it is OK to search users and groups from other IPA domains (when we get to implement IPA-IPA trust) but right now the search for the primary domain user/group overrides is not required and in fact is wrong.


Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.0

2 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)

2 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)
- Issue tagged with: performance

a year ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

a year ago

Metadata Update from @thalman:
- Issue tagged with: bugzilla

4 months ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4770

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

2 months ago

Login to comment on this ticket.

Metadata