#3983 filter_users option is not applied to sub-domains if SSSD starts offline
Closed: Fixed 10 months ago by jhrozek. Opened 10 months ago by sbose.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1679173

Description of problem:
IPA/AD trust setup with 'domain_resolution_order' set to prefer AD over IdM
domain. In such a setup we see initgroup calls for root triggering LDAP backend
lookups.

Version-Release number of selected component (if applicable):
sssd-1.16.0-19.el7

How reproducible:
always

Steps to Reproduce:
1. Set up IdM/AD trust
2. Change domain resolution order to prefer the AD domain:
   'ipa config-mod --domain-resolution-order=ad.domain:ipa.domain'
3. Call 'id root'

Actual results:
LDAP lookups for 'root@ad.domain'

Expected results:
No LDAP lookups for 'root@ad.domain'

Additional info:
Adding 'root@ad.domain' to 'filter_users' in sssd.conf 'nss' section mitigates
the issue.

The issue is related to this (already closed) BZ:

id root triggers an LDAP lookup
https://bugzilla.redhat.com/show_bug.cgi?id=1479983
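
An added example, not part of the ticket or of SSSD's code: a check for the mitigation described above, reporting which domains have no 'root@<domain>' entry in 'filter_users' of the 'nss' section and proposing the updated value. The sample sssd.conf is constructed, the function names are hypothetical, and comparing names case-insensitively is an assumption of this sketch.

```python
import configparser

def _filter_users(conf_text):
    """Return the [nss] filter_users entries (sssd.conf documents 'root' as default)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    raw = cp.get("nss", "filter_users", fallback="root")
    return [e.strip() for e in raw.split(",") if e.strip()]

def root_filter_gaps(conf_text, domains):
    """Domains for which 'root@<domain>' is not listed in filter_users."""
    # Assumption: names are compared case-insensitively.
    listed = {e.lower() for e in _filter_users(conf_text)}
    return [d for d in domains if f"root@{d.lower()}" not in listed]

def proposed_filter_users(conf_text, domains):
    """Current filter_users value with the missing 'root@<domain>' entries appended."""
    entries = _filter_users(conf_text)
    entries += [f"root@{d}" for d in root_filter_gaps(conf_text, domains)]
    return ", ".join(entries)

# Constructed sample configuration, using the domain names from the ticket.
SAMPLE_CONF = """\
[sssd]
services = nss, pam
domains = ipa.domain

[nss]
filter_groups = root
filter_users = root

[domain/ipa.domain]
id_provider = ipa
"""

# Value passed to --domain-resolution-order in the reproduction steps.
ORDER = "ad.domain:ipa.domain"

if __name__ == "__main__":
    # The ticket reports the AD domain only; checking the rest of the
    # order as well is this sketch's choice.
    domains = ORDER.split(":")
    print("no root filter for:", root_filter_gaps(SAMPLE_CONF, domains))
    print("filter_users =", proposed_filter_users(SAMPLE_CONF, ["ad.domain"]))
```
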

Metadata Update from @sbose:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1679173

10 months ago

Metadata Update from @sbose:
- Issue assigned to sbose

10 months ago

Commit 640edac relates to this ticket

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

10 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2
- Issue tagged with: bug

10 months ago
