URL: https://github.com/SSSD/sssd/pull/128 Title: #128: Fix group renaming issue when "id_provider = ldap" is set
lslebodn commented: """ On (14/02/17 08:17), Jakub Hrozek wrote:
Last but not least, @lslebodn suggested (in face to face conversation in the office) that maybe we could add an option which would be used for fixing the group renaming for whoever reported this bug (and this option wouldn't be enabled by default). Opinions on Lukáš' idea?
I'm not sure..it does steer towards the safe side, but on the other hand, renaming a group is a legally fine operation and I'm not sure I like an option that the admin must enable in order to proceed with an OK operation..
Renaming is fine. But coliding UIDs/GIDs is not rare situation. especialy if they use old clients (nss-ldap) which do not cache entries and do not care about colliding IDs.
ATM we are quite safe in case of colliding IDs The main problem is what whether this change might results in more bug reports related to issues with colliding IDs (renamed group very often). It might be difficult to identify it.
BTW IIRC this use case (colliding IDs is quite common in /etc/passwd,group)
LS
"""
See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-279779305