Learn more about these different git repos.
Other Git URLs
Man page says: ...When connected to Active-Directory Server 2008 and later it is furthermore required to disable usage of Token-Groups by setting ldap_use_tokengroups to false...
It should be rather opposite, i.e. when connected to W2k8 or newer, it is suggested to ENABLE (not disable) use of tokengroups. Maybe we can even drop this statement altogether because my understanding is that sssd detect DC version automatically and acts appropriately - normally we do not need to change default behavior.
Easy fix, it's confusing users. We should fix this in 1.13.3, or even .2 if we get the fix fast enough.
_comment0: Easy fix, it's confusing users. We should fix this in 1.13.2, or even .1 if we get the fix fast enough. => 1443040296735796 keywords: => easyfix
Fields changed
rhbz: => 0
milestone: NEEDS_TRIAGE => SSSD 1.13.3
The proposed version is not correct. The quoted text is for option ldap_group_nesting_level in the manual page sssd-ldap
People sometimes want to disable nesting level with setting this option to value 0. But in case of active directory it would not help. Because we get all groups with from tokengroups. So it is necessary to DISABLE ldap_use_tokengroups.
On the other hand the option ldap_use_tokengroups is disabled by default with ldap_schema rfc2307{,bis}.
owner: somebody => jhrozek priority: major => minor status: new => assigned
patch: 0 => 1
master:
sssd-1-13:
resolution: => fixed status: assigned => closed
Metadata Update from @ondrejv2: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.13.3
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3837
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.