Description of problem:
why id lookup does not iterate over all the domains. As per I know sssd first, try to connect to the AD GC and if the information is not present in AD_GC it will try to look for the user across all the domains by trying to connect to the individual server on port 389.
Version-Release number of selected component (if applicable):
sssd-1.16.4-21.el7_7.1.x86_64
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
id lookup works only if sssd is connected to the correct server at the first attempt else it will fail it won't iterate over all the domains.
Expected results:
If the information is not present in AD_GC sssd should get the details by looking up the user across all domain.
Additional info:
Related Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1695606.
https://github.com/SSSD/sssd/issues/5351 the patch was added to RHEL-8 by a rebase so that there is no dedicated RHEL-8 ticket.
Pushed PR: https://github.com/SSSD/sssd/pull/5732
* `sssd-1-16`
* 7afd36a4c4b35d72742eec2d23bd6908e635c097 - AD: do not override LDAP data during GC lookups
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Important: sssd security and bug fix update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2021:3336