- Bug
- Resolution: Unresolved
- Blocker
- rhel-8.10
- Moderate
- rhel-sst-idm-sssd
- ssg_idm
What were you trying to do that didn't work?
Customer is on SSSD AD direct integration with `ldap_id_mapping = True`.
There is an AD user user@ad.example.com, with a UPN that is in a different realm, `user_upn@EXAMPLE.COM`.
After
`sss_override user@ad.example.com --name user_upn --uid 1001 --gid 1001 --shell /bin/bash --debug 0x0370`
with the original user, `getent passwd user@ad.example.com` works as intended:
user@ad.example.com:1001:1001:GECOS:/home/user:/bin/bash
However, with the UPN, `getent passwd user_upn@example.com` returns:
user:*:1234567:1234513:GECOS:/home/user:/sbin/nologin
The UID, GID, and shell are not overridden.
What is the impact of this issue to you?
This causes user confusion. Also, inconsistent UIDs may trigger access issues.
Please provide the package NVR for which the bug is seen:
sssd-2.9.4-4.el8_10.x86_64
How reproducible is this bug?:
Always
Steps to reproduce
- Set up SSSD AD integration with domain ad.example.com
- Have an AD user, user@ad.example.com, with UPN `user_upn@EXAMPLE.COM`
- `sss_override user@ad.example.com --name user_upn --uid 1001 --gid 1001 --shell /bin/bash --debug 0x0370`
- `getent passwd user@ad.example.com`
- `getent passwd user_upn@example.com`
Expected results
The output of both getent passwd commands should match
Actual results
The output of the two getent passwd commands was different
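
A consistency check for the symptom reported above, as an added example that is not part of the original ticket or of SSSD: it compares two passwd entries that should describe the same account and names the identity fields that differ. The function names are hypothetical, and the sample lines are constructed from the outputs quoted in the report, with the password field written as `*` so both have the standard seven fields.

```shell
#!/bin/sh
# Compare two passwd(5) entries that should describe the same account
# (one looked up by name, one by UPN) and list the fields that differ.

# passwd_field LINE N: print field N (1-based) of a passwd entry.
# Exits with status 2 if LINE does not have exactly 7 colon-separated fields.
passwd_field() {
    printf '%s\n' "$1" | awk -F: -v n="$2" 'NF != 7 { exit 2 } { print $n }'
}

# passwd_diff LINE_A LINE_B: print the space-separated names of the
# mismatching fields among uid, gid, home and shell.
# Return 0 if all match, 1 on mismatch, 2 (printing "malformed") on bad input.
passwd_diff() {
    out=""
    for spec in uid:3 gid:4 home:6 shell:7; do
        name=${spec%%:*}
        idx=${spec##*:}
        a=$(passwd_field "$1" "$idx") || { echo "malformed"; return 2; }
        b=$(passwd_field "$2" "$idx") || { echo "malformed"; return 2; }
        [ "$a" = "$b" ] || out="${out:+$out }$name"
    done
    printf '%s\n' "$out"
    [ -z "$out" ]
}

# Constructed sample entries modelled on the outputs in the report.
BY_NAME='user@ad.example.com:*:1001:1001:GECOS:/home/user:/bin/bash'
BY_UPN='user:*:1234567:1234513:GECOS:/home/user:/sbin/nologin'

# On a live host the two arguments would come from the lookups in the report:
#   passwd_diff "$(getent passwd user@ad.example.com)" \
#               "$(getent passwd user_upn@example.com)"
passwd_diff "$BY_NAME" "$BY_UPN" || echo "override not applied consistently"
```

A non-empty result means file ownership and login shell depend on which name the account was looked up by, which is the access risk the report describes.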