Back to bug 1028039

Who When What Removed Added
Jakub Hrozek 2013-11-14 12:00:25 UTC Doc Text Cause: When enumerating users and groups, SSSD connects to LDAP port automatically, while when doing regular lookups, SSSD connects to Global Catalog.

Consequence: if SSSD is configured to honour POSIX attributes and at the same time enumeration is selected (which is not the defalt) and at the same time the POSIX attributes are not replicated to Global Catalog, the users will see different results when enumerating users and when performing users lookups. The reason is that enumeration connects to LDAP where the POSIX attributes exist, but logins read data from Global Catalog that doesn't have the attributes.


Workaround (if any): in order to see the POSIX attributes, they must be replicated to the Global Catalog and enumeration must be disabled at the moment.

Result: A bug fix will fix the enumeration to connect to GC. The requirement to replicate POSIX attributes to LDAP will stay.
Doc Type Bug Fix Known Issue
Jakub Hrozek 2013-11-14 12:30:33 UTC Status NEW ASSIGNED
Milan Navratil 2013-11-29 11:13:03 UTC CC mnavrati
Doc Text Cause: When enumerating users and groups, SSSD connects to LDAP port automatically, while when doing regular lookups, SSSD connects to Global Catalog.

Consequence: if SSSD is configured to honour POSIX attributes and at the same time enumeration is selected (which is not the defalt) and at the same time the POSIX attributes are not replicated to Global Catalog, the users will see different results when enumerating users and when performing users lookups. The reason is that enumeration connects to LDAP where the POSIX attributes exist, but logins read data from Global Catalog that doesn't have the attributes.


Workaround (if any): in order to see the POSIX attributes, they must be replicated to the Global Catalog and enumeration must be disabled at the moment.

Result: A bug fix will fix the enumeration to connect to GC. The requirement to replicate POSIX attributes to LDAP will stay.
When enumerating users and groups, the SSSD utility connects to the lightweight directory access protocol (LDAP) port automatically, but when performing regular lookups, SSSD connects to the Global Catalog. As a consequence, if SSSD is configured to honor POSIX attributes while at the same time enumeration is selected (not default), and the POSIX attributes are not replicated to the Global Catalog, the user sees different results when enumerating users than when users' lookups are performed. To work around this problem, POSIX attributes have to be replicated to the Global Catalog, and enumeration must be disabled at the moment.
Jakub Hrozek 2013-11-29 11:21:40 UTC Flags needinfo?(mnavrati)
Milan Navratil 2013-11-29 12:01:26 UTC Doc Text When enumerating users and groups, the SSSD utility connects to the lightweight directory access protocol (LDAP) port automatically, but when performing regular lookups, SSSD connects to the Global Catalog. As a consequence, if SSSD is configured to honor POSIX attributes while at the same time enumeration is selected (not default), and the POSIX attributes are not replicated to the Global Catalog, the user sees different results when enumerating users than when users' lookups are performed. To work around this problem, POSIX attributes have to be replicated to the Global Catalog, and enumeration must be disabled at the moment. When enumerating users and groups, the SSSD utility connects to the lightweight directory access protocol (LDAP) port automatically, but when performing regular lookups, SSSD connects to the Global Catalog. As a consequence, if SSSD is configured to honor POSIX attributes while at the same time enumeration is selected (not default), and the POSIX attributes are not replicated to the Global Catalog, the user sees different results when enumerating users than when users' lookups are performed. To work around this problem, POSIX attributes have to be replicated to the Global Catalog, or enumeration must be disabled at the moment.
Flags needinfo?(mnavrati)
Milan Navratil 2013-12-12 17:59:52 UTC CC mnavrati
Jakub Hrozek 2014-01-29 15:28:54 UTC Status ASSIGNED MODIFIED
Fixed In Version sssd-1.11.2-35.el7
errata-xmlrpc 2014-01-29 16:00:41 UTC Status MODIFIED ON_QA
Jeremy Agee 2014-01-30 14:39:50 UTC CC jagee
Jeremy Agee 2014-04-02 15:32:13 UTC Status ON_QA VERIFIED
Ludek Smid 2014-06-13 10:19:00 UTC Status VERIFIED CLOSED
Resolution --- CURRENTRELEASE
Last Closed 2014-06-13 06:19:00 UTC
Pavel Březina 2020-05-02 17:31:09 UTC Link ID Github SSSD/sssd/issues/3184

Back to bug 1028039