#995 RFE: Enhance Handling of primaryGroupID from Active Directory
Closed: Invalid None Opened 9 years ago by myllynen.

In Active Directory all users are by default members of the group 513 / Domain Users. But when using SSSD against AD with no Identity Management for Unix Role Service enabled the group name for the group ID 513 is not found. It would be helpful if SSSD would handle this case without the need to add the domain users group to each client's /etc/groups.

For the record, nss-pam-ldapd has related functionality, as described in:


Fields changed

milestone: NEEDS_TRIAGE => SSSD Deferred

Fields changed

rhbz: => 0

Putting in needs triage. Seems like it belongs to 1.9.

blockedby: =>
blocking: =>
feature_milestone: =>
milestone: SSSD Deferred => NEEDS_TRIAGE

Fields changed

milestone: NEEDS_TRIAGE => SSSD AD Extensions Feature
owner: somebody => sgallagh

We don't plan to special-case the "Domain Users" group. Either the admin needs to add the POSIX attributes, or it needs to be handled by the ID-mapping being done in ticket #996.

resolution: => wontfix
status: new => closed

This use case works now with the AD provider.

Fields changed

type: defect => enhancement

Metadata Update from @myllynen:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD AD Extensions Feature

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2037

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.