Back to bug 1380436

Who When What Removed Added
John Beranek 2016-10-04 14:43:35 UTC CC john
Amy Farley 2016-10-06 14:27:56 UTC CC afarley
Amy Farley 2016-10-06 14:35:27 UTC Blocks 1382395
Jakub Hrozek 2016-10-07 09:28:32 UTC Doc Text Cause: In sssd versions up to 7.2, when sssd was configured to fetch sudo rules from an Active Directory server, the sudoUser attribute had to match the exact case of the samAccountName attribute of the user who was assigned to the rule. (For example, Administrator). In 7.3, we broke that assertion and the sudoUser attribute value now matches only case-insensitive.

Consequence: After a package upgrade to 7.3, sudo rules for users who use a mIxEd case samaccountname attribute value.

Workaround (if any): The only workaround is to rename the sudoUser attribute to be lowercased.

Result: After upgrading sssd to 7.3, sudo rules that specify a sudoUser with a mixed case no longer work.
Doc Type If docs needed, set a value Known Issue
Lenka Špačková 2016-10-17 14:25:34 UTC Docs Contact mmuehlfe
Marc Muehlfeld 2016-10-20 16:06:35 UTC Doc Text Cause: In sssd versions up to 7.2, when sssd was configured to fetch sudo rules from an Active Directory server, the sudoUser attribute had to match the exact case of the samAccountName attribute of the user who was assigned to the rule. (For example, Administrator). In 7.3, we broke that assertion and the sudoUser attribute value now matches only case-insensitive.

Consequence: After a package upgrade to 7.3, sudo rules for users who use a mIxEd case samaccountname attribute value.

Workaround (if any): The only workaround is to rename the sudoUser attribute to be lowercased.

Result: After upgrading sssd to 7.3, sudo rules that specify a sudoUser with a mixed case no longer work. 		SSSD only applies values in `sudoUser` attributes from AD in lower case

Previously, when the System Security Services Daemon (SSSD) fetched "sudo" rules from Active Directory (AD), the `sudoUser` attribute must have match the exact case of the `samAccountName` attribute of the user the rule was assigned to. Due to a regression in Red Hat Enterprise Linux 7.3, the `sudoUser` attribute now only matches lower case values. To work around this problem, rename `sudoUser` attribute values to lower case. With the workaround, "sudo" rules are applied correctly.
Flags needinfo?(jhrozek)
Jakub Hrozek 2016-10-21 07:18:23 UTC Flags needinfo?(jhrozek)
Jakub Hrozek 2016-11-01 10:33:57 UTC CC sgoveas
Flags needinfo?(sgoveas)
Steeve Goveas 2016-11-02 13:41:20 UTC Flags needinfo?(sgoveas)
Ellen Newlands 2016-11-04 18:32:31 UTC CC enewland
Jakub Hrozek 2016-11-07 21:38:12 UTC CC tscherf
Flags needinfo?(tscherf)
Thorsten Scherf 2016-11-07 22:08:00 UTC Flags needinfo?(tscherf)
Jakub Hrozek 2016-11-08 09:01:47 UTC CC mkolaja
Flags needinfo?(mkolaja)
Jakub Hrozek 2016-11-08 11:27:29 UTC Status NEW POST
Marcel Kolaja 2016-11-08 14:07:18 UTC Priority unspecified high
Flags needinfo?(mkolaja)
Marcel Kolaja 2016-11-08 14:08:16 UTC Blocks 1392946
Marcel Kolaja 2016-11-08 14:09:02 UTC Keywords ZStream
Jakub Hrozek 2017-01-30 15:04:29 UTC Status POST MODIFIED
Fixed In Version sssd-1.15.0-1.el7
errata-xmlrpc 2017-01-30 15:27:34 UTC Status MODIFIED ON_QA
Steeve Goveas 2017-05-07 17:06:13 UTC QA Contact sgoveas apeetham
Amith 2017-05-18 10:34:27 UTC Status ON_QA VERIFIED
errata-xmlrpc 2017-08-01 09:00:03 UTC Status VERIFIED CLOSED
Resolution --- ERRATA
Last Closed 2017-08-01 05:00:03 UTC
Pratik Jagrut 2018-12-12 07:32:51 UTC CC pjagrut
Madhuri 2019-05-02 13:19:09 UTC CC mupadhye
Pavel Březina 2020-05-02 18:30:37 UTC Link ID Github SSSD/sssd/issues/4236
Pavel Březina 2020-05-02 18:33:41 UTC Link ID Github SSSD/sssd/issues/4274

Back to bug 1380436