URL:
https://github.com/SSSD/sssd/pull/330
Title: #330: ad_account_can_shortcut: shortcut if ID is unknown
sumit-bose commented:
"""
Maybe, but I guess it is more a side effect so that the issue is already seen in
ad_account_can_shortcut(). My feeling is that it is more related to some cache_req
refactoring, maybe when adding the domain resolution order. In older versions the IPA
domain was always looked up first and hence IDs from the IPA domain where already in the
cache and never tried against an AD domain. Now it can happen that the AD domain is used
first (either accidentally as in my case or on purpose if domain resolution order is
configured in such a way). Please note that imo nothing is wrong with the cache_req code,
it just triggers the issue but it should be fixed in the backend.
Btw please note that an completely unknow ID does not trigger the issue because the error
code returned by the idmapping library in this case is already handled properly.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/330#issuecomment-317358001