Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1130017
Description of problem: This bug hits setups where the id_provider is AD or the ldap_schema is set to AD, at the same time POSIX attributes are used and at the same time the primary group also includes the user as a 'member' attribute. Version-Release number of selected component (if applicable): sssd-1.11.6-14.el6.x86_64 How reproducible: always Steps to Reproduce: 1. prepare an AD server with POSIX attributes, enroll sssd to it 2. make sure the primary group of a user also has the 'member' attribute pointing towards the user 3. run id user Actual results: saving group membership fails with: (Wed Aug 13 17:16:35 2014) [sssd[be[MARS.CORP.COM]]] [sysdb_set_entry_attr] (0x0080): ldb_modify failed: [Attribute or value exists] (Wed Aug 13 17:16:35 2014) [sssd[be[MARS.CORP.COM]]] [sysdb_set_entry_attr] (0x0040): Error: 17 (File exists) (Wed Aug 13 17:16:35 2014) [sssd[be[MARS.CORP.COM]]] [sysdb_store_group] (0x0400): Error: 17 (File exists) (Wed Aug 13 17:16:35 2014) [sssd[be[MARS.CORP.COM]]] [sdap_save_grpmem] (0x0080): sysdb_store_group failed: [17][File exists]. (Wed Aug 13 17:16:35 2014) [sssd[be[MARS.CORP.COM]]] [sdap_save_grpmem] (0x0040): Failed to save members of group adgrp01 Expected results: saving group membership succeeds. Additional info: It is not typical that the primary group also contains the user as a member. At the same time, we have code that special-cases the AD provider so that also all members of primary group are added as groups the user is a member of, because that's what Windows clients do. This special-case breaks when the AD primary group *also* contains the user as a member. I think we should simply use ldb permissive control to save the membership.
As agreed on the Aug-14 meeting, moving to the 1.11.6 milestone
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => milestone: NEEDS_TRIAGE => SSSD 1.11.7 review: True => 0 selected: => testsupdated: => 0
Fields changed
owner: somebody => jhrozek status: new => assigned
patch: 0 => 1
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.11.7
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3448
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.