sssd is skipping GPO evaluation with auto_private_groups

Question

sssd is skipping GPO evaluation with auto_private_groups

Closed this issue 5 months ago · 2 comments

This issue is cloned from https://issues.redhat.com/browse/RHEL-41047

What were you trying to do that didn't work?
* AD login is not working due to GPO on RHEL 8.10 with `sssd-2.9.4-3.el8_10.x86_64`
* With `sssd-2.9.4-3.el8_10.x86_64` sssd is not reaching out to GPO evaluation when auto_private_groups is enabled

Please provide the package NVR for which bug is seen:
sssd-2.9.4-3.el8_10.x86_64
How reproducible:
Steps to reproduce
# Update the system to RHEL 8.9 or 8.10
# Integrated the system with AD
# Set GPO policy on AD
# Set `auto_private_groups = true` in sssd.conf

Additionally it should be mentioned that UIDs and GIDs should be read from AD, i.e. ldap_id_mapping = False

Answer 1 · 2024-06-21T15:46:32.000Z

Pushed PR: #7452

master
- 986bb72 - sysdb: do not fail to add non-posix user to MPG domain
sssd-2-9
- d234cf5 - sysdb: do not fail to add non-posix user to MPG domain

Answer 2 · 2024-11-21T15:28:52.000Z

Pushed PR: #7706

sssd-2-9-4
- aa81ab0 - DEBUG: reduce log level in case a responder asks for unknown domain
- acd5da5 - ldap: add 'exop_force' value for ldap_pwmodify_mode
- 0e86f1a - sysdb: do not fail to add non-posix user to MPG domain
- 9ff2e55 - ad: use default user_map when looking of host groups for GPO
- ebbde00 - sdap: allow to provide user_map when looking up group memberships