Ticket #995 (closed enhancement: wontfix)

Opened 3 years ago

Last modified 19 months ago

RFE: Enhance Handling of primaryGroupID from Active Directory

Reported by: myllynen Owned by: sgallagh
Priority: major Milestone: SSSD AD Extensions Feature
Component: SSSD Version: 1.6.1
Keywords: Cc:
Blocked By: Blocking:
Tests Updated: no Coverity Bug:
Patch Submitted: no Red Hat Bugzilla: 0
Design link:
Feature Milestone:
Design review: Fedora test page:
Chosen: Candidate to push out:
Release Notes:

Description

In Active Directory all users are by default members of the group 513 / Domain Users. But when using SSSD against AD with no Identity Management for Unix Role Service enabled the group name for the group ID 513 is not found. It would be helpful if SSSD would handle this case without the need to add the domain users group to each client's /etc/groups.

For the record, nss-pam-ldapd has related functionality, as described in:

http://lists.arthurdejong.org/nss-pam-ldapd-users/2011/msg00213.html

Change History

comment:1 Changed 3 years ago by dpal

  • Milestone changed from NEEDS_TRIAGE to SSSD Deferred

comment:2 Changed 2 years ago by jhrozek

comment:3 Changed 2 years ago by dpal

  • Red Hat Bugzilla set to 0

comment:4 Changed 2 years ago by dpal

  • Milestone changed from SSSD Deferred to NEEDS_TRIAGE

Putting in needs triage. Seems like it belongs to 1.9.

comment:5 Changed 2 years ago by sgallagh

  • Milestone changed from NEEDS_TRIAGE to SSSD AD Extensions Feature
  • Owner changed from somebody to sgallagh

comment:6 Changed 2 years ago by sgallagh

  • Resolution set to wontfix
  • Status changed from new to closed

We don't plan to special-case the "Domain Users" group. Either the admin needs to add the POSIX attributes, or it needs to be handled by the ID-mapping being done in ticket #996.

comment:7 Changed 19 months ago by jhrozek

This use case works now with the AD provider.

comment:8 Changed 5 months ago by dpal

  • Type changed from defect to enhancement
Note: See TracTickets for help on using tickets.