Learn more about these different git repos.
Other Git URLs
The dereference code currently fails completely when processing initgroups of an IPA user who is a member of some Role or linked to a Permission against a new (4.0) IPA server.
This is because in 4.0, IPA switched to a different permission model that no longer allows the host principal to read the rbac and pbac containers. The current dereference code errors out when it can't read even the objectclass of an entry.
This bug could be also triggered outside IPA, just by restricting the ACI on the linked entry.
Fields changed
owner: somebody => jhrozek status: new => assigned
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1135432
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1135432 1135432]
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.11.7
master: - 2284e50 - 0321da6 sssd-1-11: - ffe42e0
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.11.7
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3463
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.