#4495 IPA AD trust uses lowercase domain name for user entries but groups's memberUid is not
Closed: Fixed None Opened 9 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1130131

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
Customer has an AD domain that mixes uppercase with lowercase letters
(EXAMPLE.com)

There is trust between that AD and IPA server via which entries are transformed
to lower case ones. The problem is that the groups that are synced keep the
original form for the memberUid attribute and as this attribute is
case-sensitive that results incomplete group memberships.

The customer is using a legacy client when seeing those differences.
...
Actual results:
Less groups are returned as user groups as they don't match the case-sensitive
check.

Expected results:
All groups should be returned.

Fixed in slapi-nis 0.54.

Metadata Update from @mkosek:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 4.1

7 years ago

Login to comment on this ticket.

Metadata