URL: https://github.com/SSSD/sssd/pull/128
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
lslebodn commented:
"""
On (14/02/17 01:57), fidencio wrote:
> @lslebodn:
> Firstly, my answer may be incomplete due to the lack of knowledge, but let's try ...
> 1) As far as I understand SSSD does not deal properly with multiple groups having the same
> GID and I'm saying that based on both AD's and LDAP's code, where the search
> is done by the GID and we expect only one result;

Yes, we expect but reality is different and we got
bug reports about incomplete groups.
And result of bug investigation was colliding GIDs.
Current version detects that there is a collision of GIDs
and will not return any result for problematic groups.

> 2) We already have at least one bug opened for this situation
> (https://fedorahosted.org/sssd/ticket/2982) and in case we decide to deal properly with
> this my feeling is that it will have to be done in all different parts of the code.
> I understand why you're worried and I see we can hit this situation. But we can hit
> this situation even without my fix. So I'd like to propose to fix this situation when
> someone has time to work on this and in a better way than just "don't deal with
> group renaming".

Yes we can hit this situation without your fix but I am curious
what will be a difference between current behaviour and with this PR.

LS
"""
See the full comment at https://github.com/SSSD/sssd/pull/128#issuecomment-279702381