URL: https://github.com/SSSD/sssd/pull/491
Author: jhrozek
Title: #491: AD: Inherit the MPG setting from the main domain
Action: opened

PR body:
"""
Resolves: https://pagure.io/SSSD/sssd/issue/3613

If the auto_private_groups option was set in the domain section for direct
integration, it only had an effect on the joined domain, not any of the
subdomains, so requesting a user from the child domain would look like
this:
```
   $ id childu...@child.win.trust.test
   uid=30000(childu...@child.win.trust.test) gid=40000(usergr...@child.win.trust.test) groups=40000(usergr...@child.win.trust.test)
```

The expected result, visible after this patch is:
```
   $ id childu...@child.win.trust.test
   uid=30000(childu...@child.win.trust.test) gid=30000(childu...@child.win.trust.test) groups=30000(childu...@child.win.trust.test),40000(usergr...@child.win.trust.test)
```
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/491/head:pr491
git checkout pr491
From 5ed6bdfd2099d4d8858f404c61dea570d9e25a6e Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Mon, 15 Jan 2018 22:11:24 +0100
Subject: [PATCH] AD: Inherit the MPG setting from the main domain

Resolves:
https://pagure.io/SSSD/sssd/issue/3613

If the auto_private_groups option was set in the domain section for
direct integration, it only had an effect on the joined domain, not any
of the subdomains, so requesting a user from the child domain would look
like this:
    $ id childu...@child.win.trust.test
    uid=30000(childu...@child.win.trust.test) gid=40000(usergr...@child.win.trust.test) groups=40000(usergr...@child.win.trust.test)
The expected result, visible after this patch is:
    $ id childu...@child.win.trust.test
    uid=30000(childu...@child.win.trust.test) gid=30000(childu...@child.win.trust.test) groups=30000(childu...@child.win.trust.test),40000(usergr...@child.win.trust.test)
---
 src/providers/ad/ad_subdomains.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 3fb9b950f..1b9483a5d 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -391,6 +391,13 @@ ad_subdom_store(struct sdap_idmap_ctx *idmap_ctx,
     }
 
     mpg = sdap_idmap_domain_has_algorithmic_mapping(idmap_ctx, name, sid_str);
+    if (mpg == false) {
+        /* Domains that use the POSIX attributes set by the admin must
+         * inherit the MPG setting from the parent domain so that the
+         * auto_private_groups options works for trusted domains as well
+         */
+        mpg = domain->mpg;
+    }
 
     ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str,
                                 mpg, enumerate, domain->forest, 0, NULL);
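Review bot: The new `if (mpg == false)` branch copies `domain->mpg` unconditionally, and nothing in this hunk shows that the parent's flag is true only because auto_private_groups was set. If `domain->mpg` can also be true for another reason, a subdomain that relies on admin-set POSIX attributes would start getting private groups without the option being configured. Please confirm that case or narrow the condition, and say in the comment which source of `domain->mpg` is meant. Two smaller points: the comment should read "option works" rather than "options works", and `if (!mpg)` is the more usual form for a boolean. A test that covers a subdomain lookup with and without auto_private_groups in the domain section would pin down the `id` output described in the commit message.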