Description of problem: With multiple subdomain section having ldap_search_base and ldap_user_search_base id command returns only for one domain. Version-Release number of selected component (if applicable): freeipa-server-4.4.3-2.fc25.x86_64 freeipa-server-dns-4.4.3-2.fc25.noarch freeipa-server-trust-ad-4.4.3-2.fc25.x86_64 freeipa-server-common-4.4.3-2.fc25.noarch sssd-1.15.2-1.fc25.x86_64 samba-4.5.6-0.fc25.x86_64 krb5-server-1.14.4-4.fc25.x86_64 How reproducible: Always Steps to Reproduce: 1. Install IPA Server 2. Ensure IPA server have trust established with two AD domains.(pne.qe and ptb.qe in this case) 3. create a OU named sales with user test1 4. create a OU named sales with user test1 5. Edit the sssd.conf on IPA server to include two subdomain sections. [domain/testqe.test/pne.qe] debug_level = 9 ad_server = win1.pne.qe ldap_search_base = dc=pne,dc=qe ldap_user_search_base = ou=sales,dc=pne,dc=qe [domain/testqe.test/ptb.qe] debug_level = 9 ad_server = apache.ptb.qe ldap_search_base = dc=ptb,dc=qe ldap_user_search_base = ou=sales,dc=ptb,dc=qe Actual results: id command displays output for only one domain, it doesn't display for other domain. [root@fedora sssd]# id test1 uid=1261601512(test1) gid=1261601512(test1) groups=1261601512(test1),1261600513(domain users) [root@fedora sssd]# id test1 id: ‘test1’: no such user Expected results: id test should display the result. Additional info:
Just a note (not related to the bug). The options debug_level is not supported for the subdomain section (it always uses the same dabug_level as the main domain section), so you can delete it from the sssd.conf in the test. Michal
Upstream ticket: https://pagure.io/SSSD/sssd/issue/3351
master: * 4c49edbd8df651b1737c59459637962c117212c6
sssd-1.15.3-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-71a2efaa80
sssd-1.15.3-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-91b708222e
sssd-1.15.3-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-3692a58167
sssd-1.15.3-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-3692a58167
sssd-1.15.3-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-91b708222e
sssd-1.15.3-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-71a2efaa80
sssd-1.15.3-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
sssd-1.15.3-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
sssd-1.15.3-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.