On Tue, Aug 09, 2016 at 10:27:32PM +0200, Jakub Hrozek wrote: > The attached patch fixes issues with logging in as users without an > explicit UPN in a trust scenario. The simplest reproducer is to log in > as Administrator or configure sssd to not look up the principal > attribute by adding this to the server's sssd.conf > subdomain_inherit = ldap_user_principal > ldap_user_principal = nosuchatt > > Please see the commit message for more details.
Patch looks good, works as expected and passes CI http://sssd-ci.duckdns.org/logs/job/52/48/summary.html. ACK. I wasn't able to reproduce the issue first until I realized I had enterprise principal enabled which made the mal-formed principals work as expected :-) bye, Sumit _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org