Bug 969882
Summary: | Fully qualified account names form should be able to use flatname in the fq format | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Dmitri Pal <dpal> |
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Kaushik Banerjee <kbanerje> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.0 | CC: | grajaiya, jgalipea, pbrezina, sgoveas |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.10.0-10.el7.beta2 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-13 11:39:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dmitri Pal
2013-06-02 21:56:57 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/1468 Temporarily moving bugs to MODIFIED to work around errata tool bug * FLATNAME\username can be used in trusted environment [root@dhcp207-43 ~]# ipa trust-find --------------- 1 trust matched --------------- Realm name: adtest.qe Domain NetBIOS name: ADTEST Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879 SID blacklist incoming: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20 SID blacklist outgoing: S-1-0, S-1-1, S-1-2, S-1-3, S-1-5-1, S-1-5-2, S-1-5-3, S-1-5-4, S-1-5-5, S-1-5-6, S-1-5-7, S-1-5-8, S-1-5-9, S-1-5-10, S-1-5-11, S-1-5-12, S-1-5-13, S-1-5-14, S-1-5-15, S-1-5-16, S-1-5-17, S-1-5-18, S-1-5-19, S-1-5-20 Trust type: Active Directory domain ---------------------------- Number of entries returned 1 ---------------------------- [root@dhcp207-43 ~]# ipa idrange-find ---------------- 3 ranges matched ---------------- Range name: ADTEST.QE_id_range First Posix ID of the range: 1148400000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-1910160501-511572375-3625658879 Range type: Active Directory domain range Range name: PUNE.ADTEST.QE_id_range First Posix ID of the range: 839000000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-91314187-2404433721-1858927112 Range type: Active Directory domain range Range name: TESTRELM.COM_id_range First Posix ID of the range: 1741800000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 1000 First RID of the secondary RID range: 100000000 Range type: local domain range ---------------------------- Number of entries returned 3 ---------------------------- [root@dhcp207-43 ~]# getent passwd 'PUNE\testu1' testu1.qe:*:839001108:839001108:testu1 user:/: [root@dhcp207-43 ~]# getent passwd 'PUNE\adnew1' adnew1.qe:*:839001107:839001107:new user:/: [root@dhcp207-43 ~]# getent passwd 'ADTEST\aduser2' aduser2:*:1148401314:1148401314:ads2 user:/: [root@dhcp207-43 ~]# rpm -q ipa-server sssd ipa-server-3.3.3-8.el7.x86_64 sssd-1.11.2-18.el7.x86_64 Also automated as part of direct enrolment with sssd. Verified with version 1.11.2-18.el7 Snippet from beaker automation run: user1_dom1:*:770843877:770800513:user1_dom1:/: :: [ PASS ] :: Running 'getent passwd $AD_SERVER1_SHORT_REALM\\user1_dom1' (Expected 0, got 0) user1_dom2:*:295201317:295201317:user1_dom2:/: :: [ PASS ] :: Running 'getent passwd $AD_SERVER2_SHORT_REALM\\user1_dom2' (Expected 0, got 0) user1_dom3.com:*:1290801310:1290801310:user1_dom3:/: :: [ PASS ] :: Running 'getent passwd $AD_SERVER3_SHORT_REALM\\user1_dom3' (Expected 0, got 0) This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |