#4170 SSSD and AD Group Names with an "@" sign
Closed: cloned-to-github a year ago by pbrezina. Opened a year ago by schlitzered.

my setup is a RedHat IdM installation with a trust to AD.

currently SSSD is not able to deal with "@" sign in AD group names.

the related issue to this is https://access.redhat.com/solutions/3495151

would it be possible to deal with this issue in either of these ways:

  • ignore AD groups with "@" sign
  • replace "@" sign with something else, similar to the override_space option in sssd.conf
  • handle the groups with "@" sign correctly

the problem is, that we cannot simply rename the affected groups, because this might break things relying on the group name.

also removing the group from the affected users is not easily doable, because user will then lose access on certain applications.

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/5125

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.