Active Directory implements an RFC2307bis-like schema which looks like RFC2307bis, but it has a few exceptions. It would be nice to introduce something like:

    ldap_schema=msrfc

which would be equivalent to:

    ldap_user_object_class = user
    ldap_group_object_class = group
    ldap_user_home_directory = unixHomeDirectory
    ldap_schema = rfc2307bis
    ldap_sasl_authid = <hostname>$@<REALM>

This would ease integration with Active Directory.
Upstream ticket: https://fedorahosted.org/sssd/ticket/1031
Verified in version 1.9.2-13

Output from beaker automation run:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: adschema_001 compare with sysdb, idmapping=true
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Stopping sssd: [ OK ]
Starting sssd: [ OK ] [ OK ]
:: [16:12:47] :: Sleeping for 5 seconds
adschemauser01:*:770812610:770800513:GECOS1:/:
:: [ PASS ] :: Running 'getent passwd adschemauser01'
adschemauser01
:: [ PASS ] :: Running 'getent passwd adschemauser01 | awk -F: '{print $1}' | grep adschemauser01'
770812610
:: [ PASS ] :: Running 'getent passwd adschemauser01 | awk -F: '{print $3}' | grep 770812610'
770800513
:: [ PASS ] :: Running 'getent passwd adschemauser01 | awk -F: '{print $4}' | grep 770800513'
GECOS1
:: [ PASS ] :: Running 'getent passwd adschemauser01 | awk -F: '{print $5}' | grep GECOS1'
uid=770812610(adschemauser01) gid=770800513(domain users) groups=770800513(domain users),770812609(adschemagroup01)
:: [ PASS ] :: Running 'id adschemauser01'
:: [ PASS ] :: ldap_user_name is same in ldap:adschemauser01 and sysdb:adschemauser01
:: [ FAIL ] :: ldap_user_fullname is different in ldap:adschemauser01 and sysdb:GECOS1 Might fail due to ticket 1482
:: [ PASS ] :: ldap_user_uid_number is same in ldap:770812610 and sysdb:770812610
:: [ PASS ] :: ldap_user_gid_number is same in ldap:770800513 and sysdb:770800513
:: [ PASS ] :: ldap_user_gecos is same in ldap:GECOS1 and sysdb:GECOS1
:: [ PASS ] :: ldap_user_home_directory is same in ldap: and sysdb:
:: [ PASS ] :: ldap_user_shell is same in ldap: and sysdb:
:: [ PASS ] :: ldap_user_principal is same in ldap:adschemauser01 and sysdb:adschemauser01
:: [ PASS ] :: ldap_user_member_of is same in ldap:CN=adschemagroup01,CN=Users,DC=sssdad,DC=com and sysdb:CN=adschemagroup01,CN=Users,DC=sssdad,DC=com
:: [ PASS ] :: ldap_user_modify_timestamp is same in ldap:20121116211150.0Z and sysdb:20121116211150.0Z
:: [ PASS ] :: ldap_user_entry_usn is same in ldap:136295 and sysdb:136295
:: [ PASS ] :: ldap_user_ad_account_expires is same in ldap:0 and sysdb:0
:: [ PASS ] :: ldap_user_ad_user_account_control is same in ldap:512 and sysdb:512
adschemagroup01:*:770812609:adschemauser01
:: [ PASS ] :: Running 'getent group adschemagroup01'
adschemagroup01
:: [ PASS ] :: Running 'getent group adschemagroup01 | awk -F: '{print $1}' | grep adschemagroup01'
770812609
:: [ PASS ] :: Running 'getent group adschemagroup01 | awk -F: '{print $3}' | grep 770812609'
adschemauser01
:: [ PASS ] :: Running 'getent group adschemagroup01 | awk -F: '{print $4}' | grep adschemauser01'
:: [ PASS ] :: ldap_group_name is same in ldap:adschemagroup01 and sysdb:adschemagroup01
:: [ PASS ] :: ldap_group_gid_number is same in ldap:770812609 and sysdb:770812609
:: [ PASS ] :: ldap_group_member is same in ldap:adschemauser01 and sysdb:adschemauser01
:: [ PASS ] :: ldap_group_modify_timestamp is same in ldap:20121116211150.0Z and sysdb:20121116211150.0Z
:: [ PASS ] :: ldap_group_entry_usn is same in ldap:136297 and sysdb:136297

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: adschema_002 compare with sysdb, idmapping=false
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Stopping sssd: [ OK ]
Starting sssd: [ OK ] [ OK ]
:: [16:13:07] :: Sleeping for 5 seconds
adschemauser02:*:72002:72002:GECOS2:/home/adschemauser02:/bin/bash
:: [ PASS ] :: Running 'getent passwd adschemauser02'
adschemauser02
:: [ PASS ] :: Running 'getent passwd adschemauser02 | awk -F: '{print $1}' | grep adschemauser02'
72002
:: [ PASS ] :: Running 'getent passwd adschemauser02 | awk -F: '{print $3}' | grep 72002'
72002
:: [ PASS ] :: Running 'getent passwd adschemauser02 | awk -F: '{print $4}' | grep 72002'
GECOS2
:: [ PASS ] :: Running 'getent passwd adschemauser02 | awk -F: '{print $5}' | grep GECOS2'
/home/adschemauser02
:: [ PASS ] :: Running 'getent passwd adschemauser02 | awk -F: '{print $6}' | grep /home/adschemauser02'
/bin/bash
:: [ PASS ] :: Running 'getent passwd adschemauser02 | awk -F: '{print $7}' | grep /bin/bash'
uid=72002(adschemauser02) gid=72002(adschemagroup02) groups=72002(adschemagroup02)
:: [ PASS ] :: Running 'id adschemauser02'
:: [ PASS ] :: ldap_user_name is same in ldap:adschemauser02 and sysdb:adschemauser02
:: [ FAIL ] :: ldap_user_fullname is different in ldap:adschemauser02 and sysdb:GECOS2 Might fail due to ticket 1482
:: [ PASS ] :: ldap_user_uid_number is same in ldap:72002 and sysdb:72002
:: [ PASS ] :: ldap_user_gid_number is same in ldap:72002 and sysdb:72002
:: [ PASS ] :: ldap_user_gecos is same in ldap:GECOS2 and sysdb:GECOS2
:: [ PASS ] :: ldap_user_home_directory is same in ldap:/home/adschemauser02 and sysdb:/home/adschemauser02
:: [ PASS ] :: ldap_user_shell is same in ldap:/bin/bash and sysdb:/bin/bash
:: [ PASS ] :: ldap_user_principal is same in ldap:adschemauser02 and sysdb:adschemauser02
:: [ PASS ] :: ldap_user_member_of is same in ldap:CN=adschemagroup02,CN=Users,DC=sssdad,DC=com and sysdb:CN=adschemagroup02,CN=Users,DC=sssdad,DC=com
:: [ PASS ] :: ldap_user_modify_timestamp is same in ldap:20121116211154.0Z and sysdb:20121116211154.0Z
:: [ PASS ] :: ldap_user_entry_usn is same in ldap:136307 and sysdb:136307
:: [ PASS ] :: ldap_user_ad_account_expires is same in ldap:0 and sysdb:0
:: [ PASS ] :: ldap_user_ad_user_account_control is same in ldap:512 and sysdb:512
adschemagroup02
:: [ PASS ] :: Running 'getent group adschemagroup02 | awk -F: '{print $1}' | grep adschemagroup02'
72002
:: [ PASS ] :: Running 'getent group adschemagroup02 | awk -F: '{print $3}' | grep 72002'
adschemauser02
:: [ PASS ] :: Running 'getent group adschemagroup02 | awk -F: '{print $4}' | grep adschemauser02'
:: [ PASS ] :: ldap_group_name is same in ldap:adschemagroup02 and sysdb:adschemagroup02
:: [ PASS ] :: ldap_group_gid_number is same in ldap:72002 and sysdb:72002
:: [ PASS ] :: ldap_group_member is same in ldap:adschemauser02 and sysdb:adschemauser02
:: [ PASS ] :: ldap_group_modify_timestamp is same in ldap:20121116211154.0Z and sysdb:20121116211154.0Z
:: [ PASS ] :: ldap_group_entry_usn is same in ldap:136309 and sysdb:136309
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0508.html