#6947 Do not allow to add AD domain local groups as external members
Opened 2 years ago by pvoborni. Modified a year ago

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1445028

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Group scope should be checked before adding a group as an external member. 'domain local' groups should not be allowed.

Implementation will most-likely need to add support of getting group scope from SSSD (RFE on SSSD side).

Reason to prevent it:
- Since 'domain local' groups are not available in the PAC for services outside the original domain. the IPA group wasn't added to the PAC and processing the PAC removed the membership to the IPA group.


Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1445028

2 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1445028

2 years ago

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.6.1 (was: FreeIPA 4.6)

2 years ago

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.6.2 (was: FreeIPA 4.6.1)

2 years ago

Metadata Update from @tdudlak:
- Issue set to the milestone: FreeIPA 4.6.3 (was: FreeIPA 4.6.2)

2 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.6.4 (was: FreeIPA 4.6.3)

a year ago

FreeIPA 4.6.3 has been released, moving to FreeIPA 4.6.4 milestone

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.6.5 (was: FreeIPA 4.6.4)

a year ago

Login to comment on this ticket.

Metadata