#2285 other subdomains are unavailable when joined to a subdomain in the ad forest
Closed: Fixed None Opened 10 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1077328

Created attachment 875617
logs for each join and test

Description of problem:
Issues resolving uses for child or second tree domain when the sssd client
system is joined to the child or second tree.

Version-Release number of selected component (if applicable):
sssd-1.11.2-58.el7

How reproducible:
every time.

Steps to Reproduce:

AD layout:
Root domain sssdad.com
Child domain child1.sssdad.com
Second tree domain sssdad_tree.com

Client joined to one domain using ad_provider defaults for ldap_id_mapping

When joined to sssdad.com all users resolve.
id administrator@sssdad.com
id administrator@sssdad_tree.com
id administrator@child1.sssdad.com
id user1_dom1@sssdad.com
id user1_dom2@sssdad_tree.com
id user1_dom3@child1.sssdad.com

When joined to sssdad_tree.com the following users do not resolve.
id administrator@child1.sssdad.com
id user1_dom3@child1.sssdad.com

When joined to child1.sssdad.com the following users do not resolve.
id administrator@sssdad_tree.com
id user1_dom2@sssdad_tree.com

The set of logs are from tests on each domain join.

Administrator entry when connected to sssdad_tree.com
(Mon Mar 17 11:33:13 2014) [sssd[be[sssdad_tree.com]]] [sdap_save_user]
(0x2000): Adding originalDN
[CN=Administrator,CN=Users,DC=child1,DC=sssdad,DC=com] to attributes of
[Administrator@sssdad.com].

No entry for CN=Administrator,CN=Users,DC=sssdad_tree,DC=com in
sssd_child1.sssdad.com.log.

No entries were logged for user1_dom3@child1.sssdad.com in
sssd_sssdad_tree.com.log and user1_dom2@sssdad_tree.com in
sssd_child1.sssdad.com.log.

Expected results:
All forest users should resolve when joined to any trusted domain.

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.11.5
owner: somebody => jhrozek
priority: major => blocker
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

cc: => mkosek

Fields changed

patch: 0 => 1

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11.5

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3327

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata