Ticket #995 (closed enhancement: wontfix)

Opened 5 years ago

Last modified 4 years ago

RFE: Enhance Handling of primaryGroupID from Active Directory

Reported by: myllynen Owned by: sgallagh
Priority: major Milestone: SSSD AD Extensions Feature
Component: SSSD Version: 1.6.1
Keywords: Cc:
Blocked By: Blocking:
Sensitive: Tests Updated: no
Coverity Bug: Patch Submitted: no
Red Hat Bugzilla: 0 Design link:
Feature Milestone:
Design review: Fedora test page:
Chosen: Candidate to push out:
Release Notes:
Temp mark:


In Active Directory all users are by default members of the group 513 / Domain Users. But when using SSSD against AD with no Identity Management for Unix Role Service enabled the group name for the group ID 513 is not found. It would be helpful if SSSD would handle this case without the need to add the domain users group to each client's /etc/groups.

For the record, nss-pam-ldapd has related functionality, as described in:


Change History

comment:1 Changed 5 years ago by dpal

  • Milestone changed from NEEDS_TRIAGE to SSSD Deferred

comment:2 Changed 5 years ago by jhrozek

comment:3 Changed 5 years ago by dpal

  • Red Hat Bugzilla set to 0

comment:4 Changed 5 years ago by dpal

  • Milestone changed from SSSD Deferred to NEEDS_TRIAGE

Putting in needs triage. Seems like it belongs to 1.9.

comment:5 Changed 5 years ago by sgallagh

  • Owner changed from somebody to sgallagh
  • Milestone changed from NEEDS_TRIAGE to SSSD AD Extensions Feature

comment:6 Changed 5 years ago by sgallagh

  • Status changed from new to closed
  • Resolution set to wontfix

We don't plan to special-case the "Domain Users" group. Either the admin needs to add the POSIX attributes, or it needs to be handled by the ID-mapping being done in ticket #996.

comment:7 Changed 4 years ago by jhrozek

This use case works now with the AD provider.

comment:8 Changed 3 years ago by dpal

  • Type changed from defect to enhancement
Note: See TracTickets for help on using tickets.