URL: https://github.com/SSSD/sssd/pull/693 Author: jhrozek Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything Action: opened
PR body: """ Commit cf4f5e031ecbdfba0b55a4f69a06175a2e718e67 changed the logic of getgrgid (and getpwnam, so far this patch only touches getgrgid) in the sense that if looking up a GID in a MPG domain, the code checks if the GID was overriden and if yes, it mandates that the overriden GID resolves to a group by falling back to a non-MPG search.
This breaks the following use-case: $ ipa idoverrideuser-add --uid=13133 --gidnumber=13133 'Default Trust View' user@domain
Most importantly, I'm on the fence about whether the current behaviour is a bug or not. In general, I would have expected that if a primary GID is overriden, you more or less break the MPG model, and then it's fair from SSSD to make sure the GID number resolves to an entry. But apparently our users were relying on the old behaviour where you can set the primary GID with an override and then still resolve the primary group by ID to the user entry.
So the patch in the PR is just a quick hack which sort of falls back to using the user entry as the group if the overriden GID doesn't resolve to anything.
Should we support this use-case at all? Should we maybe limit it to cases where the UID and GID are the same? """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/693/head:pr693 git checkout pr693
URL: https://github.com/SSSD/sssd/pull/693 Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything
jhrozek commented: """ I think this patch breaks https://pagure.io/SSSD/sssd/issue/3595 because fixing https://pagure.io/SSSD/sssd/issue/3595 relied on not using the MPG result in case the GID was overriden and just letting the lookup continue to other domains to find the group object the overriden GID relates to """
See the full comment at https://github.com/SSSD/sssd/pull/693#issuecomment-436613278
URL: https://github.com/SSSD/sssd/pull/693 Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/693 Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything
dchjorth commented: """ Hello,
I am affected by this issue and would like to help, if any help is wanted. I can test this commit or submit a new one if this commit isn't ready yet.
Thanks!
Daniel """
See the full comment at https://github.com/SSSD/sssd/pull/693#issuecomment-451687203
URL: https://github.com/SSSD/sssd/pull/693 Author: jhrozek Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/693/head:pr693 git checkout pr693
URL: https://github.com/SSSD/sssd/pull/693 Author: jhrozek Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/693/head:pr693 git checkout pr693
URL: https://github.com/SSSD/sssd/pull/693 Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything
jhrozek commented: """ Rebased per @pbrezina 's request """
See the full comment at https://github.com/SSSD/sssd/pull/693#issuecomment-528059811
URL: https://github.com/SSSD/sssd/pull/693 Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything
mzidek-gh commented: """ I also do believe that this PR breaks what was fixed by https://pagure.io/SSSD/sssd/c/cf4f5e0
I think we can either introduce an option to specify how SSSD should work in this particular case or explain in some document (maybe ipa man pages about override or knowledge base article?) how SSSD behaves. I do not think this is described anywhere currently. """
See the full comment at https://github.com/SSSD/sssd/pull/693#issuecomment-603099753
URL: https://github.com/SSSD/sssd/pull/693 Title: #693: SYSDB: Fall back to the MPG result of getgrgid search if the non-MPG search for override doesn't match anything
mzidek-gh commented: """ Btw. I do not think the original author of this PR will work on this anymore (feel free to correct me @jhrozek if I am wrong :) )
So I think a good way to approach this would be to: 1. create an issue to track this 2. close this PR and link it with the issue from 1 3. plan what to do with the issue from 1 (doc fix or patch or move to backlog) """
See the full comment at https://github.com/SSSD/sssd/pull/693#issuecomment-603105940
sssd-devel@lists.fedorahosted.org