Bug 2123216

Summary: [RFE] - set default_domain_suffix in sssd.conf
Product: Red Hat Satellite Reporter: Nagoor Shaik <nshaik>
Component: AuthenticationAssignee: Adam Ruzicka <aruzicka>
Status: POST --- QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.12.0CC: aruzicka, mhulan
Target Milestone: UnspecifiedKeywords: FutureFeature, UserExperience
Target Release: Unused   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nagoor Shaik 2022-09-01 05:51:16 UTC 
Description of problem:

Setting a default_domain_suffix for IDM based authentication would reduce an effort to type in the @domain while authenticating.


Version-Release number of selected component (if applicable):
Satellite 6.12

How reproducible:


Steps to Reproduce:
1. Configure direct AD authentication or IPA authentication from https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/administering_red_hat_satellite/configuring_external_authentication_admin#Configuring_Direct_AD_Integration_with_GSS_Proxy_admin
2. Check the /etc/sssd/sssd.conf as no default domain suffix is configured
3. Having this we can query user without a domain suffix.

Actual results:
An end-user would have to type the user syntax to login to Satellite

Expected results:
We can reduce this effort by setting a default_domain_suffix to the current domain that the host is joined to.

Additional info:

Under [sssd] section adding default_domain_suffix = example.com to achieve this
Comment 1 Nagoor Shaik 2022-09-01 05:56:41 UTC 
We set the required attributes, so we can add this easily

https://github.com/theforeman/puppet-foreman/blob/e0fc1487740d36a5a308498576836525d3e52de1/manifests/config.pp#L205-L210
Comment 2 Adam Ruzicka 2023-06-13 11:18:06 UTC 
Where should the default domain come from? Should the users state in explicitly when running the installer? Should the installer try to derive it from some other parameter?
Comment 3 Nagoor Shaik 2023-06-13 12:15:25 UTC 
Assuming they are joining to the same realm, this should be defaulted to domain name of the satellite instance.
Comment 4 Adam Ruzicka 2023-06-13 13:19:29 UTC 
Oh, you already opened a PR about that, thank you and sorry about not noticing it earlier.
Comment 7 Eric Helms 2024-05-16 16:17:01 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/35832 has been resolved.