Back to bug 1393730
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jakub Hrozek | 2016-11-17 13:19:37 UTC | Status | NEW | POST |
| Jakub Hrozek | 2016-11-23 10:25:32 UTC | Status | POST | MODIFIED |
| Fixed In Version | sssd-1.14.0-43.el7_3.7 | |||
| errata-xmlrpc | 2016-11-25 16:49:27 UTC | Status | MODIFIED | ON_QA |
| Jakub Hrozek | 2016-12-14 14:57:40 UTC | Doc Text | Cause: The sssd domain name from the config file, not the remote domain name were used to match found entries when multiple entries matched search, typically this is when the domains are nested under one another. Consequence: If two users with the same samaccountname were present in two nested AD domains and the domain name in sssd.conf was named differently than the AD domain, no supplementary groups would be resolved for those users. Fix: Both the name from sssd.conf and the remote domain name are now tried. Result: The secondary groups now resolve correctly. | |
| Doc Type | If docs needed, set a value | Bug Fix | ||
| Dan Lavu | 2017-01-06 19:58:38 UTC | Status | ON_QA | VERIFIED |
| Marc Muehlfeld | 2017-01-09 13:26:29 UTC | Docs Contact | mmuehlfe | |
| Doc Text | Cause: The sssd domain name from the config file, not the remote domain name were used to match found entries when multiple entries matched search, typically this is when the domains are nested under one another. Consequence: If two users with the same samaccountname were present in two nested AD domains and the domain name in sssd.conf was named differently than the AD domain, no supplementary groups would be resolved for those users. Fix: Both the name from sssd.conf and the remote domain name are now tried. Result: The secondary groups now resolve correctly. | Previously, the System Security Services Daemon (SSSD) only used the domain name set in the /etc/sssd/sssd.conf file to match found entries if multiple entries matched the search result. Consequently, if two users with the same sAMAccountName attribute were present in two nested Active Directory (AD) domains and the domain name set in the /etc/sssd/sssd.conf file was different than the AD domain name, SSSD failed to resolve supplementary groups for these accounts. SSSD now uses the domain name set in the configuration file and additionally the remote domain name. As a result, secondary groups are now resolved correctly. | ||
| errata-xmlrpc | 2017-01-17 12:02:18 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2017-01-17 18:09:52 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-01-17 13:09:52 UTC | |||
| Pavel Březina | 2020-05-04 10:58:50 UTC | Link ID | Github SSSD/sssd/issues/4232 |
Back to bug 1393730