Bug 1199445
Summary: | Does sssd-ad use the most suitable attribute for group name? | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jakub Hrozek <jhrozek> |
Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.2 | CC: | abokovoy, Colin.Simpson, dpal, extras-qa, grajaiya, jgalipea, jhrozek, lslebodn, mkosek, mzidek, nkarandi, pbrezina, preichl, sbose, sgallagh, ssorce |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.13.0-0.1.alpha.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | 1060325 | Environment: | |
Last Closed: | 2015-11-19 11:36:02 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1060325 | ||
Bug Blocks: |
Description
Jakub Hrozek
2015-03-06 10:26:33 UTC
Fixed upstream: master: adb148603344a42d6edffdda0786a10af715dacb Tested with sssd-1.13.0-39.el7.x86_64 1. Install older version sssd-1.12.2-58.el7.x86_64. 2. Setup sssd.conf as follows, set "ldap_id_mapping = False" ad_domain = rootdc.com krb5_realm = ROOTDC.COM realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%u@%d access_provider = ad in sssd.conf 3. Create adgrp1 group in AD as shown below : # ldapsearch -x -D "cn=administrator,cn=Users,dc=rootdc,dc=com" -w Secret123 -b "dc=rootdc,dc=com" -h 10.65.207.10 cn="adgrp Test" sAMAccountName # extended LDIF # # LDAPv3 # base <dc=rootdc,dc=com> with scope subtree # filter: cn=adgrp Test # requesting: sAMAccountName # # adgrp Test, Builtin, rootdc.com dn: CN=adgrp Test,CN=Builtin,DC=rootdc,DC=com sAMAccountName: adgrpTest 4. Check for group lookup. Group lookup is not working as expected. # getent group "adgrp test"@rootdc.com adgrp test:*:1294601115:aduser1 # getent group adgrpTest - do not work. 5. Update sssd to sssd-1.13.0-39.el7.x86_64 Re-check for the group lookup. # getent group adgrpTest adgrptest:*:1294601115:aduser1 # getent group "adgrp test"@rootdc.com - do not work as expected. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-2355.html |