Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1679173
Description of problem: IPA/AD trust setup with 'domain_resolution_order' set to prefer AD over IdM domain. In such a setup we see initgroup calls for root triggering LDAP backend lookups. Version-Release number of selected component (if applicable): sssd-1.16.0-19.el7 How reproducible: always Steps to Reproduce: 1.Setup IdM/AD trust 2.Change domain resolution order to prefer the AD domain: 'ipa config-mod --domain-resolution-order=ad.domain:ipa.domain' 3.Call 'id root' Actual results: LDAP lookups for 'root@ad.domain' Expected results: No LDAP lookups root 'root@ad.domain' Additional info: Adding 'root@ad.domain' to 'filter_users' in sssd.conf 'nss' section mitigates the issue. The issue is related to this (already closed) BZ: id root triggers an LDAP lookup https://bugzilla.redhat.com/show_bug.cgi?id=1479983
Metadata Update from @sbose: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1679173
Metadata Update from @sbose: - Issue assigned to sbose
https://github.com/SSSD/sssd/pull/776
Commit 640edac relates to this ticket
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.2 - Issue tagged with: bug
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4955
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.