Hi,
this patch fixes an issue during initgroups in AD forests. Please see the commit message for details.
To reproduce this you can create a new user outside of CN=Users on the forest root. The new user can be created in an existing container or in a new OU container. Most important is that it is not a child of CN=Users. In a child domain (it must be a child, domains with a different base won't trigger the issue) create a user with the same name. With this setup 'id user@forest.root' will not return the complete list of groups the user is a member of, and the patch should fix this.
bye, Sumit