  1. RHEL
  2. RHEL-67893

sssd should have options to exclude UID and GID

    • Story
    • Resolution: Unresolved
    • sssd
    • rhel-sst-idm-sssd
    • ssg_idm
    • Red Hat Enterprise Linux

      Goal

      • As a system administrator, I want SSSD to have options to exclude UIDs and GIDs, so I don't need to waste time searching for non-existent UIDs and GIDs.

      So far, we have filter_users and filter_groups. However, they only work for usernames and group names, and there is no equivalent for uidNumber and gidNumber.

      Thus, it would be a great help if customers could specify a uidNumber range that they don't want SSSD to search, like:

      filter_uid_range = 0-999
      

      So when a customer looks up a non-existent UID with 'id 921', it returns immediately without wasting time searching LDAP.

      Acceptance criteria

      • Having options such as filter_uid_range and filter_gid_range in man sssd.conf
      • Assuming we have filter_uid_range = 0-999
      • Run `id 1`,
        • It should return uid=1(bin) gid=1(bin) groups=1(bin)
      • Assuming UID 921 does not exist in /etc/passwd
        • Run `id 921`,
          • It should return nothing
          • sssd_nss.log at debug_level 6 or 0x0400 or deeper should indicate that 921 is in the filter_uid_range.
          • sssd_example.com.log should not show that it invokes an LDAP search for uidnumber 921.

              sssd-maint SSSD Maintainers
              rhn-support-dchen Ding Yi Chen
              SSSD Maintainers
              SSSD QE
              Louise McGarry
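The acceptance criteria above, modelled as an added Python sketch (not SSSD code and not part of the ticket): `filter_uid_range` is the option name the ticket proposes, while the comma-separated multi-range syntax, the `Resolver` class, the lookup order, the log wording and the sample accounts are assumptions constructed for illustration.

```python
import re

UID_MAX = 2**32 - 1  # upper bound of a 32-bit uid_t

def parse_id_ranges(spec):
    """Parse '0-999' or '0-999, 60000-65535' into sorted (low, high) pairs."""
    ranges = []
    for part in spec.split(","):
        m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+)\s*)?", part)
        if not m:
            raise ValueError(f"malformed range: {part!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) is not None else low
        if low > high or high > UID_MAX:
            raise ValueError(f"invalid bounds: {part!r}")
        ranges.append((low, high))
    return sorted(ranges)

class Resolver:
    """Assumed order: local passwd file, then the range filter, then LDAP."""

    def __init__(self, local_passwd, ldap_users, filter_uid_range=""):
        self.local = local_passwd
        self.ldap = ldap_users
        self.filtered = parse_id_ranges(filter_uid_range) if filter_uid_range else []
        self.ldap_searches = []  # every uidNumber that reached the backend
        self.log = []            # stand-in for the responder debug log

    def getpwuid(self, uid):
        if uid in self.local:  # local account: answered without the filter
            return self.local[uid]
        if any(low <= uid <= high for low, high in self.filtered):
            self.log.append(f"uid {uid} is in filter_uid_range, not searched")
            return None        # negative answer, no LDAP round trip
        self.ldap_searches.append(uid)
        return self.ldap.get(uid)

# Constructed sample data: one /etc/passwd entry and one LDAP user.
LOCAL = {1: "bin"}
LDAP = {20001: "alice"}

def acceptance_run(filter_spec):
    """Look up UIDs 1, 921 and 20001; return results, LDAP searches, log."""
    r = Resolver(LOCAL, LDAP, filter_spec)
    results = {uid: r.getpwuid(uid) for uid in (1, 921, 20001)}
    return results, r.ldap_searches, r.log
```

Calling `acceptance_run("")` gives the baseline the ticket complains about, where the lookup for 921 still reaches the LDAP backend.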