[Freeipa-devel] [PATCH 0213] support multiple uid values in slapi-nis users map
Lukas Slebodnik
lslebodn at redhat.com
Mon Aug 8 08:51:01 UTC 2016
On (08/08/16 11:35), Alexander Bokovoy wrote:
>On Mon, 08 Aug 2016, Martin Basti wrote:
>>
>>
>> On 08.08.2016 09:34, Alexander Bokovoy wrote:
>> > When SSSD resolves AD users on behalf of slapi-nis, it can accept any
>> > user identifier, including user principal name (UPN) which may be
>> > different than the canonical user name which SSSD returns.
>> >
>> > As result, the entry created by slapi-nis will be using canonical user
>> > name but the filter for search will refer to the original (aliased)
>> > name. The search will not match the newly created entry.
>> >
>> > The issue is fixed in slapi-nis-0.56.1 by returning two values for
>> > 'uid' attribute: the canonical one and the aliased one. This way the
>> > search will match.
>> >
>> > Standard LDAP schema allows multiple values for 'uid' attribute. We
>> > actually use the same trick for 'cn' attribute in the groups map
>> > already.
>> >
>> > https://fedorahosted.org/freeipa/ticket/6138
>> >
>> >
>> >
>> >
>> Hello,
>>
>> should we bump requires to slapi-nis-0.56.1 in freeipa.spec?
>No, this is not required. In Fedora we'll submit a combined update --
>I've built slapi-nis-0.56.1-1 packages for f24, f25, and rawhide already
>but did not submit a Bodhi request.
>
How is combined updated related to requires to slapi-nis-0.56.1?
It will not prevent tu update freeipa without new slapi-nis.
e.g.
dnf update freeipa-server.
LS
More information about the Freeipa-devel
mailing list