[SSSD] [PATCH] AD: Handle cases where no GPOs apply
It is possible to have a machine where none of the GPOs associated with
it include access-control rules. Currently, this results in a
denial-by-system-error.
We need to treat this case as allowing the user (see the test cases in
https://fedorahosted.org/sssd/wiki/DesignDocs/ActiveDirectoryGPOIntegra
tion
We also need to delete the result object from the cache to ensure that
offline operation will also grant access.
Resolves:
https://fedorahosted.org/sssd/ticket/2691
Attachments:
- 0001-AD-Handle-cases-where-no-GPOs-apply.patch (text/x-patch — 3.7 KB)
- signature.asc (application/pgp-signature — 181 bytes)