freeipa icon indicating copy to clipboard operation
freeipa copied to clipboard
verified publisher icon freeipa

idviews: Use ipaAnchorUUID without DCERPC bindings for SID anchors

Open t-woerner opened this issue 2 years ago • 2 comments

SID anchors are only resolvable on servers with DCERPC bindings installed. On non agent replica these bindings are not installed and therefore group and role management if there are AD user idoverride members.

Fixes: https://pagure.io/freeipa/issue/9544

t-woerner avatar Feb 26 '24 13:02 t-woerner

The code LGTM. @t-woerner does it help with your reproducer? I wonder if we should turn that one into a test or rely on ansible-freeipa testing this scenario...

abbra avatar Feb 26 '24 16:02 abbra

Yes, this fixes the issue for me. I think it might be good to have a test in FreeIPA for this.

t-woerner avatar Feb 26 '24 16:02 t-woerner

We can add a test later.

abbra avatar May 22 '24 07:05 abbra

master:

  • 9dc57ef77e276773b91c567f83498a69d382ba13 idviews: Use ipaAnchorUUID without DCERPC bindings for SID anchors

antoniotorresm avatar May 22 '24 08:05 antoniotorresm