On 9/21/18 7:53 PM, Beale (US), Gareth wrote:
I'd consider this to be broken data.
- you are entitled to your opinion. It is a hack, but it has worked for a long time as a
workaround to deficiencies in services like NIS, and legacy Unix systems
I don’t believe this is an uncommon solution,
Frankly I never saw this. Personally I'd consider this to be rather uncommon.
Your mileage may vary
and it has worked fine for many years.
Your systems really handled full group lookups by GID correctly? How?

Ciao, Michael.
Lookup by GID would likely return the most recently cached group with that GID (though
that isn't the case with SSSD strangely). So a manual lookup by GID to find a user
might not return the right result, but it doesn't appear to be how things work for
most system utilities (groups, id etc.).
I'm really looking for some assistance on this thread. I'm aware that opinions may
vary, but the bottom line is that we are seeing errors and lookup failures that didn't
happen before SSSD was inserted in front of LDAP. And the failures do not happen
Also if having duplicate GIDs in the cache is an error, how did they get there in the
first place? Clearly things are not working the way they should.
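
An added example, not part of the original thread and not SSSD or NIS code: a short Python audit that finds GIDs shared by several group names and shows which members a by-GID lookup would miss if only one entry per GID is kept. The sample data, the function names and the "last wins" / "first wins" cache models are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample in group(5) format (name:passwd:gid:members); not from the thread.
SAMPLE_GROUPS = """\
staff:x:5000:alice,bob
staff_ext:x:5000:carol
eng:x:5001:alice
malformed-line
ops:x:5002:
ops_legacy:x:5002:dave,erin
"""

def parse_groups(text):
    """Return (name, gid, members) tuples in input order, skipping malformed lines."""
    entries = []
    for raw in text.splitlines():
        fields = raw.strip().split(":")
        if raw.lstrip().startswith("#") or len(fields) != 4 or not fields[2].isdecimal():
            continue
        entries.append((fields[0], int(fields[2]), [m for m in fields[3].split(",") if m]))
    return entries

def duplicate_gids(entries):
    """Map every GID that is shared by more than one group name to those names."""
    by_gid = defaultdict(list)
    for name, gid, _ in entries:
        by_gid[gid].append(name)
    return {gid: names for gid, names in by_gid.items() if len(names) > 1}

def hidden_members(entries, keep="last"):
    """Members a by-GID lookup misses if only one entry per GID is retained.

    Assumption: keep="last" models "most recently cached wins";
    keep="first" models a first-match lookup.
    """
    view = {}
    for name, gid, members in entries:
        if keep == "first" and gid in view:
            continue
        view[gid] = set(members)
    hidden = defaultdict(set)
    for _, gid, members in entries:
        hidden[gid] |= set(members) - view[gid]
    return {gid: sorted(m) for gid, m in hidden.items() if m}

if __name__ == "__main__":
    groups = parse_groups(SAMPLE_GROUPS)
    print("duplicate GIDs:", duplicate_gids(groups))
    print("hidden (last wins):", hidden_members(groups, "last"))
    print("hidden (first wins):", hidden_members(groups, "first"))
```

By-name lookups still resolve every group in the sample; only the by-GID view is ambiguous, which is why any access decision keyed on a GID-to-name mapping is worth checking against this list.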