Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/sssd/ticket/2040 The sasl library has introduced an option to keep AD happy when SASL/GSSAPI is being used: http://git.cyrusimap.org/cyrus-sasl/commit/plugins/gssapi.c?id=cccc5a5a87a74cd434fbdf5e87c4158e21ebcf19 Take advantage of this option in the sssd_ad code.
Fixed upstream: fb945a2cacc5506a2acb50349670f22078f1d4f5
Verified in version sssd-1.12.2-39.el7 Output from beaker automation run: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ad_compat_001: BZ 1116010 enable ad_compat sasl option :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: SASL authentication is successful with AD signing disabled :: [ PASS ] :: Command 'getent passwd testuser01-837267' (Expected 0, got 0) :: [ LOG ] :: Duration: 3s :: [ LOG ] :: Assertions: 2 good, 0 bad :: [ PASS ] :: RESULT: ad_compat_001: BZ 1116010 enable ad_compat sasl option
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0441.html