Bug 866021
Summary: | SSSD loses groups from the cache when local user is accessed | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Everard Brown <bugzilla.redhat> |
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
Status: | CLOSED DUPLICATE | QA Contact: | Kaushik Banerjee <kbanerje> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.3 | CC: | bugzilla.redhat, grajaiya, jgalipea |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-10-16 17:01:52 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Everard Brown
2012-10-13 10:27:07 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/1020 The SSSD is designed so that it only looks for group members in the same domain as the original group, also because the SSSD supports multiple domains and in a multi-domain environment, just saying "member: foo" would be ambiguous. If the member is not present in the same domain, then, as far as the SSSD is concerned, it is same as if the member did not exist at all. Improving this kind of setup is planned for the 1.11 release at the moment. In the meantime, I would recommend adding the apache user to LDAP as well. *** This bug has been marked as a duplicate of bug 732474 *** |