Back to bug 1028039
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jakub Hrozek | 2013-11-14 12:00:25 UTC | Doc Text | Cause: When enumerating users and groups, SSSD connects to LDAP port automatically, while when doing regular lookups, SSSD connects to Global Catalog. Consequence: if SSSD is configured to honour POSIX attributes and at the same time enumeration is selected (which is not the defalt) and at the same time the POSIX attributes are not replicated to Global Catalog, the users will see different results when enumerating users and when performing users lookups. The reason is that enumeration connects to LDAP where the POSIX attributes exist, but logins read data from Global Catalog that doesn't have the attributes. Workaround (if any): in order to see the POSIX attributes, they must be replicated to the Global Catalog and enumeration must be disabled at the moment. Result: A bug fix will fix the enumeration to connect to GC. The requirement to replicate POSIX attributes to LDAP will stay. | |
| Doc Type | Bug Fix | Known Issue | ||
| Jakub Hrozek | 2013-11-14 12:30:33 UTC | Status | NEW | ASSIGNED |
| Milan Navratil | 2013-11-29 11:13:03 UTC | CC | mnavrati | |
| Doc Text | Cause: When enumerating users and groups, SSSD connects to LDAP port automatically, while when doing regular lookups, SSSD connects to Global Catalog. Consequence: if SSSD is configured to honour POSIX attributes and at the same time enumeration is selected (which is not the defalt) and at the same time the POSIX attributes are not replicated to Global Catalog, the users will see different results when enumerating users and when performing users lookups. The reason is that enumeration connects to LDAP where the POSIX attributes exist, but logins read data from Global Catalog that doesn't have the attributes. Workaround (if any): in order to see the POSIX attributes, they must be replicated to the Global Catalog and enumeration must be disabled at the moment. Result: A bug fix will fix the enumeration to connect to GC. The requirement to replicate POSIX attributes to LDAP will stay. | When enumerating users and groups, the SSSD utility connects to the lightweight directory access protocol (LDAP) port automatically, but when performing regular lookups, SSSD connects to the Global Catalog. As a consequence, if SSSD is configured to honor POSIX attributes while at the same time enumeration is selected (not default), and the POSIX attributes are not replicated to the Global Catalog, the user sees different results when enumerating users than when users' lookups are performed. To work around this problem, POSIX attributes have to be replicated to the Global Catalog, and enumeration must be disabled at the moment. | ||
| Jakub Hrozek | 2013-11-29 11:21:40 UTC | Flags | needinfo?(mnavrati) | |
| Milan Navratil | 2013-11-29 12:01:26 UTC | Doc Text | When enumerating users and groups, the SSSD utility connects to the lightweight directory access protocol (LDAP) port automatically, but when performing regular lookups, SSSD connects to the Global Catalog. As a consequence, if SSSD is configured to honor POSIX attributes while at the same time enumeration is selected (not default), and the POSIX attributes are not replicated to the Global Catalog, the user sees different results when enumerating users than when users' lookups are performed. To work around this problem, POSIX attributes have to be replicated to the Global Catalog, and enumeration must be disabled at the moment. | When enumerating users and groups, the SSSD utility connects to the lightweight directory access protocol (LDAP) port automatically, but when performing regular lookups, SSSD connects to the Global Catalog. As a consequence, if SSSD is configured to honor POSIX attributes while at the same time enumeration is selected (not default), and the POSIX attributes are not replicated to the Global Catalog, the user sees different results when enumerating users than when users' lookups are performed. To work around this problem, POSIX attributes have to be replicated to the Global Catalog, or enumeration must be disabled at the moment. |
| Flags | needinfo?(mnavrati) | |||
| Milan Navratil | 2013-12-12 17:59:52 UTC | CC | mnavrati | |
| Jakub Hrozek | 2014-01-29 15:28:54 UTC | Status | ASSIGNED | MODIFIED |
| Fixed In Version | sssd-1.11.2-35.el7 | |||
| errata-xmlrpc | 2014-01-29 16:00:41 UTC | Status | MODIFIED | ON_QA |
| Jeremy Agee | 2014-01-30 14:39:50 UTC | CC | jagee | |
| Jeremy Agee | 2014-04-02 15:32:13 UTC | Status | ON_QA | VERIFIED |
| Ludek Smid | 2014-06-13 10:19:00 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | CURRENTRELEASE | ||
| Last Closed | 2014-06-13 06:19:00 UTC | |||
| Pavel Březina | 2020-05-02 17:31:09 UTC | Link ID | Github SSSD/sssd/issues/3184 |
Back to bug 1028039