On Fri, Mar 11, 2011 at 05:56:57AM -0500, Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > This is most commonly seen with ActiveDirectory?. The 'group' > objectClass does not have a mandatory GID attribute, and SSSD was > throwing errors when trying to process groups without them (which is > necessary for use on a POSIX system). > > This patch updates the group filters so that we include "gidNumber=*" to > filter out groups that are missing this information.
Although it is quite elegant to let the server do the work I wonder if we shouldn't read all groups and let sssd do the checks. This way we can give detailed debug messages and maybe reduce the number of bug reports. Maybe we should add the name of the group to this check too and a check for user id and user name, just to be on the safe side. bye, Sumit > > Fixes https://fedorahosted.org/sssd/ticket/824 > > > - -- > Stephen Gallagher > > RHCE 804006346421761 > > Delivering value year after year. > Red Hat ranks #1 in value among software vendors. > http://www.redhat.com/promo/vendor/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk15//kACgkQeiVVYja6o6OdoACfTUIU7ChLXucGywtCAM1LCQMd > xpAAoKiigXs0U56+R9VryqBGfTsT7Pbq > =h0WR > -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel