Bug 1571526
Summary: | SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Thorsten Scherf <tscherf> |
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
Status: | CLOSED ERRATA | QA Contact: | sssd-qe <sssd-qe> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 7.5 | CC: | fidencio, grajaiya, jhrozek, knakai, lslebodn, mkosek, mniranja, mzidek, pbrezina, sgoveas, tscherf |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.16.2-1.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-10-30 10:42:26 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Thorsten Scherf
2018-04-25 05:08:52 UTC
Upstream ticket: https://pagure.io/SSSD/sssd/issue/3726 master: 3cff2c5 1. Versions: Configure sssd.conf as below: [sssd] domains = juno.test config_file_version = 2 services = nss, pam [domain/juno.test] ad_domain = juno.test krb5_realm = JUNO.TEST realmd_tags = manages-system joined-with-samba cache_credentials = True id_provider = ad ldap_schema = rfc2307 krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%u@%d access_provider = ad debug_level = 9 2. Restart sssd 3. Following log message is shown in log_<ad-domain>.log (Sun Jul 15 02:14:17 2018) [sssd[be[juno.test]]] [ad_set_sdap_options] (0x0040): The AD provider only supports the AD LDAP schema. SSSD will ignore the ldap_schema option value and proceed with ldap_schema=ad Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3158 |