Dear all,

I'm running CentOS 7.3 with SSSD. I'm using sssd-ad to talk to an AD backend. Group names in the AD contain capitals.

When sssd-ad is working normally, group names returned are all lowercase. However, when the AD backend goes offline, group names returned from the SSSD cache contain capitals.

The change in case breaks stuff (sshd's AllowGroups, for one).

Has anybody else seen this behavior?
Is there a way to make the group names uniform, whether they come from sssd-ad or the cache?

Best,

Robbert

-- 
Robbert Eggermont, Intelligent Systems
R.Eggermont at tudelft.nl, Electr.Eng., Mathematics & Comp.Science
+31 15 27 83234, Delft University of Technology

On Fri, 20 Jan 2017, Robbert Eggermont wrote:

> Dear all,
>
> I'm running CentOS 7.3 with SSSD. I'm using sssd-ad to talk to an AD backend.
> Group names in the AD contain capitals.
>
> When sssd-ad is working normally, group names returned are all lowercase.
> However, when the AD backend goes offline, group names returned from the SSSD
> cache contain capitals.
>
> The change in case breaks stuff (sshd's AllowGroups, for one).
>
> Has anybody else seen this behavior?
> Is there a way to make the group names uniform, whether they come from
> sssd-ad or the cache?

case_sensitive = Preserving

This way you get capitalisation on what's reported when it's connected and not AFAIK.

jh

Hi John,

Thanks for pointing me to case_sensitive, that indeed is the cause: the default for "case_sensitive" is "True", but for the AD provider "True" is invalid(??), so it defaults to "False"(???)!

Good news is that with both "case_sensitive = False" and "case_sensitive = Preserving" the results from AD and cache are identical (lowercase and case-preserving, respectively).

Since this (opposite defaults) is broken by design, I hope the AD provider will be fixed so it follows the general default.

Thanks,

Robbert

On 20-01-17 10:58, John Hodrien wrote:

> On Fri, 20 Jan 2017, Robbert Eggermont wrote:
>> When sssd-ad is working normally, group names returned are all
>> lowercase. However, when the AD backend goes offline, group names
>> returned from the SSSD cache contain capitals.
>
> case_sensitive = Preserving
>
> This way you get capitalisation on what's reported when it's connected
> and not

-- 
Robbert Eggermont, Intelligent Systems
R.Eggermont at tudelft.nl, Electr.Eng., Mathematics & Comp.Science
+31 15 27 83234, Delft University of Technology
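
The following is an added example, not part of the thread or of SSSD: a small audit that flags AD domains in sssd.conf where case_sensitive is not set explicitly, and AllowGroups entries that cannot match once names are lowercased. The file contents, the domain example.com and the group Linux-Admins are constructed placeholders, and the rules encode only the behaviour reported in the messages above.

```python
import configparser

# Constructed sample inputs (not from the thread); example.com and Linux-Admins are placeholders.
SSSD_CONF = """\
[sssd]
domains = example.com

[domain/example.com]
id_provider = ad
"""
SSHD_CONFIG = """\
# constructed sample
AllowGroups Linux-Admins wheel
"""

def allow_groups(sshd_text):
    """Collect the names on every AllowGroups line (sshd keywords are case-insensitive)."""
    groups = []
    for line in sshd_text.splitlines():
        parts = line.split()
        if parts and parts[0].lower() == "allowgroups":
            groups.extend(parts[1:])
    return groups

def audit(sssd_text, sshd_text):
    """Return (section, finding, group) tuples for AD domains, per the behaviour reported above."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(sssd_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        if cp.get(section, "id_provider", fallback="").lower() != "ad":
            continue
        mode = cp.get(section, "case_sensitive", fallback=None)
        if mode is None:
            # Thread: online lookups were lowercased, cached ones kept capitals.
            findings.append((section, "case_sensitive-unset", None))
        elif mode.lower() == "false":
            # Names come back lowercase, so an entry with capitals never matches.
            findings.extend((section, "allowgroups-has-capitals", g)
                            for g in allow_groups(sshd_text) if g != g.lower())
    return findings

if __name__ == "__main__":
    for finding in audit(SSSD_CONF, SSHD_CONFIG):
        print(finding)
```

With "case_sensitive = Preserving" the audit reports nothing, since names then keep the case they have in AD and that case cannot be derived from the configuration files alone.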