Bug 2103325

Summary: Supported AD group types should be explained in the docs
Product: Red Hat Enterprise Linux 9 Reporter: Anton Bobrov <abobrov>
Component: sssdAssignee: jstephen
Status: CLOSED ERRATA QA Contact: shridhar <sgadekar>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.1CC: aboscatt, atikhono, grajaiya, jhrozek, lslebodn, mzidek, pasik, pbrezina, sgadekar, tscherf
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: sync-to-jira
Fixed In Version: sssd-2.8.1-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-09 08:19:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Anton Bobrov 2022-07-02 08:10:22 UTC 
Description of problem:

sssd maps only specific AD group types (ie those that contain security related attributes like sid and guid or uidNumber and gidNumber for posix) and while it is quite logical and understandable from implementation perspective it is not at all clear from end user perspective at all which group types are supported and what requirements on AD side are to create groups that can be used with sssd. the docs / man pages should dedicate a small section somewhere explaining that and listing supported AD group types. this is specifically relevant to deployments where distribution type groups are used on AD side and then some customers have expectations that those would work with sssd mapping as well which they of course do not so this has to be explained or at least stated clearly somewhere in the docs.
Comment 2 Alexey Tikhonov 2022-07-18 11:08:52 UTC 
Upstream PR: https://github.com/SSSD/sssd/pull/6263
Comment 3 Alexey Tikhonov 2022-09-16 13:45:05 UTC 
Pushed PR: https://github.com/SSSD/sssd/pull/6263

* `master`
    * 794fd130e184e175f952b293833efe017bcdf13a - MAN: Add note about AD Group types
Comment 10 errata-xmlrpc 2023-05-09 08:19:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sssd bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2514