Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1445028
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Group scope should be checked before adding a group as an external member. 'domain local' groups should not be allowed.
Implementation will most likely need to add support for getting group scope from SSSD (RFE on SSSD side).
Reason to prevent it: Since 'domain local' groups are not available in the PAC for services outside the original domain, the IPA group wasn't added to the PAC and processing the PAC removed the membership in the IPA group.
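A sketch of the scope check requested above, added here as an example and not FreeIPA or SSSD code. It assumes the raw Active Directory `groupType` attribute value is available to the caller; the function names `group_scope` and `check_external_member` are hypothetical and the sample values are constructed.

```python
# Added example: derive AD group scope from the raw groupType attribute.
# The flag values are the documented Active Directory groupType bits.
GLOBAL = 0x00000002
DOMAIN_LOCAL = 0x00000004   # also set on builtin local groups (with 0x1)
UNIVERSAL = 0x00000008
SCOPE_BITS = ((GLOBAL, "global"),
              (DOMAIN_LOCAL, "domain local"),
              (UNIVERSAL, "universal"))


def group_scope(group_type):
    """Return 'global', 'domain local' or 'universal' for a groupType value.

    LDAP returns groupType as a signed 32-bit decimal string, so a
    security-enabled group (bit 0x80000000) arrives as a negative number.
    """
    value = int(group_type) & 0xFFFFFFFF  # normalise to unsigned 32 bits
    scopes = [name for bit, name in SCOPE_BITS if value & bit]
    if len(scopes) != 1:
        raise ValueError("groupType %r has no single scope bit" % (group_type,))
    return scopes[0]


def check_external_member(name, group_type):
    """Hypothetical pre-add check: refuse 'domain local' groups."""
    scope = group_scope(group_type)
    if scope == "domain local":
        raise ValueError(
            "%s: 'domain local' groups cannot be external members" % name)
    return scope


if __name__ == "__main__":
    # Constructed sample values, not taken from the ticket.
    samples = [("AD\\global-sec", "-2147483646"),
               ("AD\\universal-sec", "-2147483640"),
               ("AD\\domlocal-sec", "-2147483644"),
               ("AD\\domlocal-dist", "4")]
    for name, raw in samples:
        try:
            print(name, "->", check_external_member(name, raw))
        except ValueError as exc:
            print("rejected:", exc)
```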
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1445028
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.6.1 (was: FreeIPA 4.6)
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.6.2 (was: FreeIPA 4.6.1)
Metadata Update from @tdudlak: - Issue set to the milestone: FreeIPA 4.6.3 (was: FreeIPA 4.6.2)
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.6.4 (was: FreeIPA 4.6.3)
FreeIPA 4.6.3 has been released, moving to FreeIPA 4.6.4 milestone
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.6.5 (was: FreeIPA 4.6.4)