Learn more about these different git repos.
Other Git URLs
Currently the search paths for HBAC data are hardcoded. Chances are that these might change in future so a more flexible solution needs to be found.
Please add an {{{ipa_hbac_search_base}}} option to SSSD that defaults to {{{ldap_search_base}}} and perform lookups with an LDAP search expression including the HBAC objectClass.
doc: 0 => 1 milestone: NEEDS_TRIAGE => SSSD 1.5.1 priority: major => critical tests: 0 => 1
We set ldap_search_base to "cn=accounts"+base_dn in ipa_common.c. So if we do not change this, too, I would suggest to default to the base_dn.
Unfortunately, we can't default to the base_dn for {{{ldap_search_base}}} in IPA because of the compat tree. If we search from the base, we always get duplicate entries (and it plays havoc with our processing).
Ah, sorry, I've meant to use the base DN as a default for ipa_hbac_search_base not for ldap_search_base.
fixed by 56789cf
resolution: => fixed status: new => closed
Fields changed
rhbz: => 0
Metadata Update from @sbose: - Issue assigned to sbose - Issue set to the milestone: SSSD 1.5.1
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1819
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.