#12 UPN-based search for AD users does not match an entry in map cache
Closed: Fixed None Opened 7 years ago by abbra.

When SSSD resolves AD users on behalf of slapi-nis, it can accept any user identifier, including a user principal name (UPN), which may be different from the canonical user name that SSSD returns.

As a result, the entry created by slapi-nis will use the canonical user name, but the search filter will refer to the original (aliased) name. The search will not match the newly created entry.

The issue can be fixed by returning two values for the 'uid' attribute: the canonical one and the aliased one. This way the search will match.

The standard LDAP schema allows multiple values for the 'uid' attribute.
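
A minimal C model of the mismatch and the proposed fix, added here as an illustration; it is not slapi-nis or SSSD code. The struct, the function names and the sample user names are assumptions made up for the example, and the comparison is a plain ASCII case-insensitive match standing in for the LDAP matching rule.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_UID_VALUES 2

/* Simplified stand-in for a cached entry: only the 'uid' values matter here. */
struct cache_entry {
    const char *uid[MAX_UID_VALUES];
    int n_uid;
};

/* Build the entry from what the lookup returned (canonical) and what the
 * client asked for (requested). keep_alias=0 models the reported behaviour,
 * keep_alias=1 models the proposed fix. */
struct cache_entry make_entry(const char *canonical, const char *requested,
                              int keep_alias)
{
    struct cache_entry e = { { canonical, NULL }, 1 };
    /* Add the alias only when it differs, so 'uid' never holds duplicates. */
    if (keep_alias && strcasecmp(canonical, requested) != 0)
        e.uid[e.n_uid++] = requested;
    return e;
}

/* Equality filter (uid=<value>): true if ANY value of the attribute matches. */
int filter_uid_matches(const struct cache_entry *e, const char *value)
{
    for (int i = 0; i < e->n_uid; i++)
        if (strcasecmp(e->uid[i], value) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the ticket. */
    const char *upn = "jsmith@corp.example";      /* what the client searched for */
    const char *canonical = "jsmith@ad.example";  /* what the lookup returned */
    struct cache_entry before = make_entry(canonical, upn, 0);
    struct cache_entry after = make_entry(canonical, upn, 1);

    printf("one uid:  (uid=%s) -> %d\n", upn, filter_uid_matches(&before, upn));
    printf("two uids: (uid=%s) -> %d\n", upn, filter_uid_matches(&after, upn));
    printf("two uids: (uid=%s) -> %d\n", canonical, filter_uid_matches(&after, canonical));
    return 0;
}
```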

