- Bug
- Resolution: Done-Errata
- Undefined
- rhel-8.0.0, rhel-9.0.0
- sssd-2.9.4-1.el8
- Major
- sst_idm_sssd
- ssg_idm
- 20
- 21
- False
- Red Hat Enterprise Linux
- All
Topology: We have AD (ad.domain) with a child domain (child.ad.domain) and a Linux machine joined directly to the AD domain.
If a user from ad.domain is a member of a group from the child domain, running the `id` command shows that all his domains are from ad.domain.
How reproducible: Always
Steps to reproduce
- Create AD (ad.domain) with a child domain (child.ad.domain)
- Enroll the Linux machine into AD
- In AD, create a user (user1@ad.domain) and create a universal group in the child domain (childgroup1@child.ad.domain)
- Set `ldap_use_tokengroups` to False for the domain
- Make user1@ad.domain a member of childgroup1@child.ad.domain
- Remove the SSSD cache and restart SSSD
- Run `id user1@ad.domain`
Expected results
id user1@ad.test
uid=1206201105(user1@ad.domain) gid=1206201105(user1@ad.domain) groups=1206201105(user1@ad.domain),1689801105(childgroup1@child.ad.domain),...
Actual results
id user1@ad.test
uid=1206201105(user1@ad.domain) gid=1206201105(user1@ad.domain) groups=1206201105(user1@ad.domain),1689801105(childgroup1@ad.domain),...
- links to: RHBA-2023:121691 sssd bug fix and enhancement update
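A way to check a client for the symptom reported above, as an added example that is not part of the bug report or of SSSD: it parses `id` output and flags names whose numeric ID falls in a different ID-mapping slice than the first entry carrying the same domain suffix. It assumes SSSD's algorithmic ID mapping with the default `ldap_idmap_range_min` and `ldap_idmap_range_size` (200000 each); the function names are hypothetical, and the sample lines are the report's expected and actual output with the trailing `...` dropped.

```python
import re

# Defaults documented in sssd-ldap(5); assumed unchanged on the client.
RANGE_MIN = 200000    # ldap_idmap_range_min
RANGE_SIZE = 200000   # ldap_idmap_range_size

# Matches one "<id>(<name>@<domain>)" entry in `id` output.
ENTRY = re.compile(r"(\d+)\(([^()@]+)@([^()]+)\)")

# Sample input taken from the report above (trailing ",..." removed).
EXPECTED = ("uid=1206201105(user1@ad.domain) gid=1206201105(user1@ad.domain) "
            "groups=1206201105(user1@ad.domain),"
            "1689801105(childgroup1@child.ad.domain)")
ACTUAL = ("uid=1206201105(user1@ad.domain) gid=1206201105(user1@ad.domain) "
          "groups=1206201105(user1@ad.domain),"
          "1689801105(childgroup1@ad.domain)")


def slice_of(posix_id):
    """Return (slice index, offset in slice) for an algorithmically mapped ID."""
    return divmod(posix_id - RANGE_MIN, RANGE_SIZE)


def mislabeled_entries(id_output):
    """Flag entries whose slice differs from the first one seen for their domain.

    Caveat: a domain whose RIDs exceed RANGE_SIZE legitimately spans more than
    one slice, so a hit is a lead to verify against AD, not proof of the bug.
    """
    first_slice = {}   # domain suffix -> slice of the first entry seen
    seen, flagged = set(), []
    for raw_id, name, domain in ENTRY.findall(id_output):
        key = (raw_id, name, domain.lower())
        if key in seen:            # uid=, gid= and groups= repeat entries
            continue
        seen.add(key)
        slice_idx, offset = slice_of(int(raw_id))
        if slice_idx != first_slice.setdefault(key[2], slice_idx):
            flagged.append((f"{name}@{key[2]}", int(raw_id), slice_idx, offset))
    return flagged


if __name__ == "__main__":
    for label, text in (("expected", EXPECTED), ("actual", ACTUAL)):
        print(label, mislabeled_entries(text))
```

Both IDs in the report decode to offset 1105 in different slices (6030 and 8448), which is why the group labelled `@ad.domain` in the actual output stands out.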