Bug 1391064
Summary: | MAN: Document AD provider uses tokengroups by default | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Ming Davies <minyu> |
Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
Status: | CLOSED ERRATA | QA Contact: | Dan Lavu <dlavu> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.0 | CC: | grajaiya, jhrozek, lslebodn, mkosek, mzidek, pbrezina, sssd-qe |
Target Milestone: | pre-dev-freeze | ||
Target Release: | 7.4 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.15.0-2.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-01 09:00:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ming Davies
2016-11-02 13:56:26 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/3233 Upstream ticket: https://fedorahosted.org/sssd/ticket/3214 master: 6e27e8572f671de575d9ac2a34a677d9efc24fbc 8caf7ba5005b3be5447311713ad2b58169f9d32f Verified against sssd-1.15.2-33.el7.x86_64 ldap_id_mapping (boolean) Specifies that SSSD should attempt to map user and group IDs from the ldap_user_objectsid and ldap_group_objectsid attributes instead of relying on ldap_user_uid_number and ldap_group_gid_number. Currently this feature supports only ActiveDirectory objectSID mapping. Default: false krb5_validate (boolean) Verify with the help of krb5_keytab that the TGT obtained has not been spoofed. The keytab is checked for entries sequentially, and the first entry with a matching realm is used for validation. If no entry matches the realm, the last entry in the keytab is used. This process can be used to validate environments using cross-realm trust by placing the appropriate keytab entry as the last entry or the only entry in the keytab file. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:2294 |