Skip to content

[autobackport: sssd-2-9] sdap: do not require GID for non-POSIX group#8455

Merged
alexey-tikhonov merged 1 commit intoSSSD:sssd-2-9from
sssd-bot:SSSD-sssd-backport-pr8442-to-sssd-2-9
Feb 17, 2026
Merged

[autobackport: sssd-2-9] sdap: do not require GID for non-POSIX group#8455
alexey-tikhonov merged 1 commit intoSSSD:sssd-2-9from
sssd-bot:SSSD-sssd-backport-pr8442-to-sssd-2-9

Conversation

@sssd-bot
Copy link
Contributor

@sssd-bot sssd-bot commented Feb 17, 2026

This is an automatic backport of PR#8442 sdap: do not require GID for non-POSIX group to branch sssd-2-9, created by @sumit-bose.

Please make sure this backport is correct.

Note

The commits were cherry-picked without conflicts.

You can push changes to this pull request

git remote add sssd-bot git@github.com:sssd-bot/sssd.git
git fetch sssd-bot refs/heads/SSSD-sssd-backport-pr8442-to-sssd-2-9
git checkout SSSD-sssd-backport-pr8442-to-sssd-2-9
git push sssd-bot SSSD-sssd-backport-pr8442-to-sssd-2-9 --force

Original commits
ad173e0 - sdap: do not require GID for non-POSIX group

Backported commits

  • c5435c0 - sdap: do not require GID for non-POSIX group

Original Pull Request Body

In 85b632d the attribute for the GID was removed from non-POSIX groups. Currently sdap_save_group() still requires the attribute and this patch removes this.

sdap_save_group() is currently only used in the code path handling nested groups. To verify the change a test was added were indirect group-members are coming from a nested non-POSIX group.

Resolves: #8441

gemini-code-assist[bot]
gemini-code-assist bot reviewed Feb 17, 2026
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request is a backport that fixes an issue where SSSD would incorrectly require a GID for non-POSIX groups. The change in src/providers/ldap/sdap_async_groups.c correctly makes the GID retrieval conditional on the group being a POSIX group. A new test case has been added in src/tests/system/tests/test_identity.py to cover this scenario with nested non-POSIX groups, ensuring the fix is effective. The changes look correct and well-tested.

@alexey-tikhonov alexey-tikhonov removed the request for review from justin-stephenson February 17, 2026 08:56
@alexey-tikhonov alexey-tikhonov added the no-backport This should go to target branch only. label Feb 17, 2026
@sumit-bose @sssd-bot
sdap: do not require GID for non-POSIX group
5791875 
In 85b632d the attribute for the GID
was removed from non-POSIX groups. Currently sdap_save_group() still
requires the attribute and this patch removes this.

sdap_save_group() is currently only used in the code path handling
nested groups. To verify the change a test was added were indirect
group-members are coming from a nested non-POSIX group.

Resolves: SSSD#8441
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit ad173e0)
@sssd-bot
Copy link
Contributor Author

sssd-bot commented Feb 17, 2026

The pull request was accepted by @alexey-tikhonov with the following PR CI status:

🟢 CodeQL (success)
🟢 rpm-build:centos-stream-9-x86_64:upstream (success)
🟢 Build / make-distcheck (success)
🟢 ci / prepare (success)
🟢 ci / system (centos-9) (success)
🟢 Static code analysis / codeql (success)
🟢 Static code analysis / pre-commit (success)
🟢 Static code analysis / python-system-tests (success)

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

@sssd-bot sssd-bot force-pushed the SSSD-sssd-backport-pr8442-to-sssd-2-9 branch from c5435c0 to 5791875 Compare February 17, 2026 12:17
@alexey-tikhonov alexey-tikhonov merged commit 259bdba into SSSD:sssd-2-9 Feb 17, 2026
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexey-tikhonov alexey-tikhonov alexey-tikhonov approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@alexey-tikhonov alexey-tikhonov

Labels

Accepted no-backport This should go to target branch only.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sssd-bot @alexey-tikhonov @justin-stephenson @sumit-bose