[krusader] [Bug 439119] Domain users and groups are not recognized (??? displayed)

Fri, 14 Oct 2022 03:31:30 -0700 

https://bugs.kde.org/show_bug.cgi?id=439119

Ivo Smelhaus <ismelh...@ksat.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REPORTED                    |CONFIRMED
     Ever confirmed|0                           |1

--- Comment #11 from Ivo Smelhaus <ismelh...@ksat.cz> ---
In the meantime I switched to Kubuntu 22.04 and compiled Krusader using the
git:master. The behavior didn't changed. So I spent some time with looking into
logs etc. and all ACl and ATTR infos were OK. 
>From user point of view the ACL and ATTR displaying and manipulations work
without any problem with local users.
With AD users (using sssd) there are some problems:
1. if the ad-user or ad-group is an owner or a group then in list view or in
permission settings are displayed the reported ??? 
    (in Dolphin they are displayed correctly)
2. if the ad-user or ad-group is a listed user or group (e.g. setfacl -m
u:ad-user-x:rwx), then they are displayed correctly (i.e. their names) and
their permissions could be set correctly as well
3. non of them are listed, so they can't be added
    (in Dolphin is the same)
4. if they are written in the owner or group field, they are set correctly, but
not displayed (even if set, the ??? are displayed again)
    (Dolphin uses list instead of text field, so they can't be added at all)

The root of this problem:
1. The AD users/groups could be queried but were not listed. So e.g. `getent
passwd ad-user-x` gave the result but `getent passwd` did'nt listed them
2. If the policy is changed through setting of `enumerate = true` in
/etc/sssd/sssd.conf , then everything works as expected.

It looks like, that Krusader reads the listed users and groups and then only
looks for uid into this lists and if there isn't found, displays the ??? but
Dolphin just makes the second attempt. Am I right?

The solution:
0. Mention the problem in Known Issues with the workaround by "enumerate =
true" which is  the best one for small domains.
1. Get the same result like Dolphin by trying to get name for given uid
directly if not found in the list  and display uid instead of ??? if not found.
- It makes 80% improvement from user point of view. 
2. To add the directly queried ad-users and ad-groups into the list, so that
these could be used for other files/directory  setting. ( 80% -> 95%)
3. Search in AD users/groups ....

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to