#995 RFE: Enhance Handling of primaryGroupID from Active Directory
Closed: Invalid None Opened 8 years ago by myllynen.

In Active Directory all users are by default members of the group 513 / Domain Users. But when using SSSD against AD with no Identity Management for Unix Role Service enabled the group name for the group ID 513 is not found. It would be helpful if SSSD would handle this case without the need to add the domain users group to each client's /etc/groups.

For the record, nss-pam-ldapd has related functionality, as described in:


Fields changed

milestone: NEEDS_TRIAGE => SSSD Deferred

Fields changed

rhbz: => 0

Putting in needs triage. Seems like it belongs to 1.9.

blockedby: =>
blocking: =>
feature_milestone: =>
milestone: SSSD Deferred => NEEDS_TRIAGE

Fields changed

milestone: NEEDS_TRIAGE => SSSD AD Extensions Feature
owner: somebody => sgallagh

We don't plan to special-case the "Domain Users" group. Either the admin needs to add the POSIX attributes, or it needs to be handled by the ID-mapping being done in ticket #996.

resolution: => wontfix
status: new => closed

This use case works now with the AD provider.

Fields changed

type: defect => enhancement

Metadata Update from @myllynen:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD AD Extensions Feature

2 years ago

Login to comment on this ticket.