Bug 1033081
Summary: | Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Dmitri Pal <dpal> |
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Kaushik Banerjee <kbanerje> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.0 | CC: | grajaiya, jagee, jgalipea, lslebodn, mkosek, pbrezina |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.11.2-40.el7 | Doc Type: | Known Issue |
Doc Text: |
The System Security Services Daemon (SSSD) connects to Global Catalog (GC) for all user and group lookups. POSIX attributes such as UID or GID are not replicated to Global Catalog by default. The SSSD is able to fall back to lightweight directory access protocol (LDAP) lookups from GC, but this fallback is performed only after a lookup. As a consequence, two attempts are needed to look up users with POSIX attributes in the Active Directory in environments where POSIX attributes are not replicated to Global Catalog.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-13 11:58:48 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dmitri Pal
2013-11-21 14:16:24 UTC
This bug was triaged, planned and is being worked on. Moving to ASSIGNED. Pushed upstream: master: 86c2e80de2243c3bd7691657086f1a182e7fc45c sssd-1-11: e81deec535d11912b87954c81a1edd768c1386c9 Automation task passed. :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ad_forest_07: bz 1033081 detect if posix attributes have been replicated to the global catalog :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'id posixuser1_dom1' (Expected 0, got 0) :: [ PASS ] :: Running 'getent -s sss passwd posixuser1_dom1' (Expected 0, got 0) :: [ PASS ] :: checking getent data for posixuser1_dom1 (Assert: posixuser1_dom1:*:100001:100001:posixuser1_dom1:/home2/sssdad.com/posixuser1_dom1:/bin/ksh should equal posixuser1_dom1:*:100001:100001:posixuser1_dom1:/home2/sssdad.com/posixuser1_dom1:/bin/ksh) :: [ PASS ] :: Running 'id posixuser1_dom2' (Expected 0, got 0) :: [ PASS ] :: Running 'getent -s sss passwd posixuser1_dom2' (Expected 0, got 0) :: [ PASS ] :: checking getent data for posixuser1_dom2 (Assert: posixuser1_dom2:*:100002:100002:posixuser1_dom2:/home2/sssdad_tree.com/posixuser1_dom2:/bin/ksh should equal posixuser1_dom2:*:100002:100002:posixuser1_dom2:/home2/sssdad_tree.com/posixuser1_dom2:/bin/ksh) :: [ PASS ] :: Running 'id posixuser1_dom3.com' (Expected 0, got 0) :: [ PASS ] :: Running 'getent -s sss passwd posixuser1_dom3.com' (Expected 0, got 0) :: [ PASS ] :: checking getent data for posixuser1_dom3.com (Assert: posixuser1_dom3.com:*:100003:100003:posixuser1_dom3:/home2/child1.sssdad.com/posixuser1_dom3:/bin/ksh should equal posixuser1_dom3.com:*:100003:100003:posixuser1_dom3:/home2/child1.sssdad.com/posixuser1_dom3:/bin/ksh) :: [ PASS ] :: File '/var/log/sssd/sssd_sssdad.com.log' should contain 'New LDAP connection to \[ldap://[[:alnum:]._-]*:3268/??base\]' :: [ PASS ] :: File '/var/log/sssd/sssd_sssdad.com.log' should contain 'ldap_search_ext with \[(|(uidNumber=\*)(gidNumber=\*))\]' :: [ PASS ] :: File '/var/log/sssd/sssd_sssdad.com.log' should contain 'POSIX attributes were requested but are not present on the server side' :: [ LOG ] :: Duration: 43s :: [ LOG ] :: Assertions: 12 good, 0 bad :: [ PASS ] :: RESULT: ad_forest_07: bz 1033081 detect if posix attributes have been replicated to the global catalog This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |