Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1356433 - ldap_group_external_member is no set for the IPA provider
Summary: ldap_group_external_member is no set for the IPA provider
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.2
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: SSSD Maintainers
QA Contact: Steeve Goveas
URL:
Whiteboard:
Depends On: 1346294
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-14 06:26 UTC by Marcel Kolaja
Modified: 2016-08-02 18:38 UTC (History)
11 users (show)

Fixed In Version: sssd-1.13.0-40.el7_2.12
Doc Type: Bug Fix
Doc Text:
Previously, the ldap_group_external_member parameter had no default value set. As a consequence, the System Security Services Daemon (SSSD) failed to resolve external members of IdM groups during getgr* requests. A patch has been applied to set a default value for the ldap_group_external_member parameter. As a result, resolving external members of IdM groups works in the described scenario.
Clone Of: 1346294
Environment:
Last Closed: 2016-08-02 18:38:00 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1528 normal SHIPPED_LIVE sssd bug fix update 2016-08-02 22:22:33 UTC

Description Marcel Kolaja 2016-07-14 06:26:00 UTC
This bug has been copied from bug #1346294 and has been proposed
to be backported to 7.2 z-stream (EUS).

Comment 6 Varun Mylaraiah 2016-07-15 11:00:40 UTC
Verified
ipa-server-4.2.0-15.el7_2.18.x86_64
sssd-1.13.0-40.el7_2.12.x86_64
 
# ipa group-add testgrp02
-----------------------
Added group "testgrp02"
-----------------------
  Group name: testgrp02
  GID: 1929200020
 
 
# ipa group-add --desc='external group' ext_testgrp02 --external
---------------------------
Added group "ext_testgrp02"
---------------------------
  Group name: ext_testgrp02
  Description: external group
 
# ipa group-add-member ext_testgrp02 --external "ADTEST2.QE\adgroup1"
[member user]:
[member group]:
  Group name: ext_testgrp02
  Description: external group
  External member: S-1-5-21-1869981227-3608374679-2281468898-1106
-------------------------
Number of members added 1
-------------------------
 
# ipa group-add-member testgrp02
[member user]:
[member group]: ext_testgrp02
  Group name: testgrp02
  GID: 1929200020
  Member groups: ext_testgrp02
-------------------------
Number of members added 1
-------------------------

# getent group testgrp02@htestrelm.test
testgrp02@htestrelm.test:*:1929200020:aduser2@adtest2.qe,Aduser1@adtest2.qe

Comment 9 errata-xmlrpc 2016-08-02 18:38:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-1528.html


Note You need to log in before you can comment on or make changes to this bug.