lookup_name() in Samba may call PASSDB API to search by a UPN (e.g. username@suffix). Support this call by detecting '@' in the passed name and setting up filter to be
(&(objectClass=ipaNTUserAttrs)(objectClass=krbPrincipalAux) krbPrincipalName:caseIgnoreIA5Match:=%s))
instead of
(&(objectClass=ipaNTUserAttrs)(uid=%s))
The result of the search would still contain a proper user entry as we always have krbPrincipalName in LDAP entries of IPA users. Note that the match must be case-insensitive because otherwise krbPrincipalName is matched with exact case in the schema. We use the same matching override in KDB driver already.
master:
ipa-4-9:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.