-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ipa-tuura treats AD users differently due to sssd config #135
Comments
It looks like the default
If I comment that out and restart sssd manually, that resolves the issue. Now the question is "should" we do that here? |
spoore1
added a commit
to spoore1/ipa-tuura
that referenced
this issue
Sep 18, 2024
After a realm join, the sssd.conf by default has this option set to True. This causes AD behavior to differ slightly from IPA and LDAP by requiring AD users be fully qualified with a domain in the username. Forcing this option to False makes all three behave more alike. Resolves: freeipa#135 Signed-off-by: Scott Poore <[email protected]>
spoore1
added a commit
to spoore1/ipa-tuura
that referenced
this issue
Sep 18, 2024
After a realm join, the sssd.conf by default has this option set to True. This causes AD behavior to differ slightly from IPA and LDAP by requiring AD users be fully qualified with a domain in the username. Forcing this option to False makes all three behave more alike. Resolves: freeipa#135 Signed-off-by: Scott Poore <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It appears that AD users are treated differently in ipa-tuura than IPA and LDAP users due to how the user is being presented by AD.
As opposed to IPA:
A lookup for aduser1 returns nothing:
A lookup for [email protected] returns:
The text was updated successfully, but these errors were encountered: