Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Minor
Fix Version/s: rhel-9.5
Affects Version/s: rhel-8.8.0
Component/s: sssd
Labels:

Fixed in Build:
sssd-2.9.5-1.el9
Regression:
None
Severity:
Low

Pool Team:

rhel-sst-idm-sssd
Sub-System Group:

ssg_idm

Dev Target Milestone:
12
Internal Target Milestone:
14
Story Points:
0
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
None

Git Pull Request:
https://github.com/SSSD/sssd/pull/7137
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/131669
Test Coverage:
None

Experience:

PX Impact Score:
PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

SSSD maps mail attribute to an account, and allows users to login using e-mail address (value of mail attribute).

This behavior has caused confusion to some customers. Below man page vaguely documents the behavior.

ldap_user_email (string)

<...> If for some reason several users
need to share the same email address then set this option to a
nonexistent attribute name in order to disable user lookup/login by
email.

Default: mail

Could this behavior (allowing users to authenticate using e-mail as a substitute of username) be documented more explicitly?

links to

IdM and AD users are identified by Kerberos Principal name and Email address interchangeably

Improve documentation for allowing e-mail address as username #7136

RHBA-2024:131669 sssd bug fix and enhancement update

Assignee:: Andre Boscatto

Reporter:: Sunny Wu

Developer:: SSSD Maintainers

QA Contact:: Anuj Borah

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2023/08/24 1:26 PM

Updated:: 2024/11/12 9:41 AM

Resolved:: 2024/11/12 9:41 AM

Dev Target end:: 2024/05/20

Target end:: 2024/06/03

Release Date:: 2024/11/12