URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set
lslebodn commented: """ On (14/02/17 01:57), fidencio wrote:
@lslebodn: Firstly, my answer may be incomplete due to the lack of knowledge, but let's try ...
- As far as I understand SSSD does not deal properly with multiple groups having the same GID and I'm saying that based on both AD's and LDAP's code, where the search is done by the GID and we expect only one result;
Yes, we expect but reality is different and we got bug reports about incomplete groups. And result of bug investigation was colliding GIDs.
Current version detects that there is a collision of GIDs and will not return any result for problematic groups.
- We already have at least one bug opened for this situation (https://fedorahosted.org/sssd/ticket/2982) and in case we decide to deal properly with this my feeling is that it will have to be done in all different parts of the code.
I understand why you're worried and I see we can hit this situation. But we can hit this situation even without my fix. So I'd like to propose to fix this situation when someone has time to work on this and in a better way than just "don't deal with group renaming".
Yes we can hit this situation without your fix but I am curious what will be a difference between current behaviour and with this PR.
LS
"""
See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-279702381