RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 906379 - ldap_access_order man page improvements
Summary: ldap_access_order man page improvements
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
low
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-01-31 14:42 UTC by Dmitri Pal
Modified: 2020-05-02 17:15 UTC (History)
4 users (show)

Fixed In Version: sssd-1.10.0-10.el7.beta2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-13 10:23:24 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 2831 0 None closed ldap_access_order improvements (man page fix) 2020-05-02 17:15:44 UTC

Description Dmitri Pal 2013-01-31 14:42:44 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1789

The documentation says ldap_access_filter setting is mandatory when using access_provider=ldap. However, you can configure the ldap_access_order so that the filter is never checked. The default value for ldap_access_order is just filter, which means that even if you set ldap_account_expire_policy in configuration file, it is never used unless the ldap_access_order is manually altered.

I think that the default of ldap_access_order should either include all possible values in some order and just ignore the ones that are not configured or that specifying for example ldap_account_expire_policy should add it to checking order automatically. Currently the configuration is not intuitive.

Alternatively the man page should mention this additional step (altering the ldap_access_order) in relevant locations or sssd should at least output a warning about set but unused configuration values.
Comment 1 Jakub Hrozek 2013-10-04 13:23:11 UTC 
Temporarily moving bugs to MODIFIED to work around errata tool bug
Comment 3 Amith 2013-12-11 14:54:53 UTC 
Verified the bug on SSSD Version: sssd-1.11.2-10.el7.x86_64

Man page improvements for ldap_access_order has been verified.
Comment 4 Ludek Smid 2014-06-13 10:23:24 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.
Note You need to log in before you can comment on or make changes to this bug.