Bug 1573509
Summary: | Auth MIQLDAP to SSSD - After conversion binds happen with admin creds in SSSD.conf file | ||
---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | Matt Pusateri <mpusater> |
Component: | Appliance | Assignee: | Joe Vlcek <jvlcek> |
Status: | CLOSED NOTABUG | QA Contact: | Matt Pusateri <mpusater> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 5.9.0 | CC: | abellott, cpelland, obarenbo, yrudman |
Target Milestone: | GA | ||
Target Release: | 5.9.3 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | auth:miqldap:externalauth:security | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-05-02 21:27:48 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Matt Pusateri
2018-05-01 14:50:14 UTC
Matt, Sorry I seemed to have created some confusion when we spoke about this the other day. I reviewed this with Gregg T and Alberto and we all agree this is working as expected. SSSD does do the bind with the user's credentials when authenticating the user. SSSD binds with the admin credentials when searching the directory. SSSD needs to search the directory for things like group membership and finding the user object. The user may not necessarily have privileges to do this. Closing NOTABUG |