Skip to content

[autobackport: sssd-2-12] sdap: do not require GID for non-POSIX group#8456

Merged
alexey-tikhonov merged 1 commit intoSSSD:sssd-2-12from
sssd-bot:SSSD-sssd-backport-pr8442-to-sssd-2-12
Feb 17, 2026
Merged

[autobackport: sssd-2-12] sdap: do not require GID for non-POSIX group#8456
alexey-tikhonov merged 1 commit intoSSSD:sssd-2-12from
sssd-bot:SSSD-sssd-backport-pr8442-to-sssd-2-12

Conversation

@sssd-bot
Copy link
Contributor

@sssd-bot sssd-bot commented Feb 17, 2026

This is an automatic backport of PR#8442 sdap: do not require GID for non-POSIX group to branch sssd-2-12, created by @sumit-bose.

Please make sure this backport is correct.

Note

The commits were cherry-picked without conflicts.

You can push changes to this pull request

git remote add sssd-bot git@github.com:sssd-bot/sssd.git
git fetch sssd-bot refs/heads/SSSD-sssd-backport-pr8442-to-sssd-2-12
git checkout SSSD-sssd-backport-pr8442-to-sssd-2-12
git push sssd-bot SSSD-sssd-backport-pr8442-to-sssd-2-12 --force

Original commits
ad173e0 - sdap: do not require GID for non-POSIX group

Backported commits

  • 56815f2 - sdap: do not require GID for non-POSIX group

Original Pull Request Body

In 85b632d the attribute for the GID was removed from non-POSIX groups. Currently sdap_save_group() still requires the attribute and this patch removes this.

sdap_save_group() is currently only used in the code path handling nested groups. To verify the change a test was added were indirect group-members are coming from a nested non-POSIX group.

Resolves: #8441

gemini-code-assist[bot]
gemini-code-assist bot reviewed Feb 17, 2026
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request backports a change to avoid requiring a GID for non-POSIX groups. The change in src/providers/ldap/sdap_async_groups.c correctly wraps the GID retrieval logic within a check for posix_group, which is the right approach to handle non-POSIX groups that lack a GID. A new test case has been added in src/tests/system/tests/test_identity.py to validate this fix by checking indirect group membership through a nested non-POSIX group. The test is well-structured and effectively covers the changed functionality. The changes look correct and I approve them.

@alexey-tikhonov alexey-tikhonov removed the request for review from justin-stephenson February 17, 2026 08:56
@alexey-tikhonov alexey-tikhonov added the no-backport This should go to target branch only. label Feb 17, 2026
@sumit-bose @sssd-bot
sdap: do not require GID for non-POSIX group
7aa7344 
In 85b632d the attribute for the GID
was removed from non-POSIX groups. Currently sdap_save_group() still
requires the attribute and this patch removes this.

sdap_save_group() is currently only used in the code path handling
nested groups. To verify the change a test was added were indirect
group-members are coming from a nested non-POSIX group.

Resolves: SSSD#8441
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit ad173e0)
@sssd-bot
Copy link
Contributor Author

sssd-bot commented Feb 17, 2026

The pull request was accepted by @alexey-tikhonov with the following PR CI status:

🟢 rpm-build:centos-stream-10-x86_64:upstream (success)
🟢 rpm-build:fedora-42-x86_64:upstream (success)
🟢 rpm-build:fedora-43-x86_64:upstream (success)
🟢 rpm-build:fedora-44-x86_64:upstream (success)
🟢 rpm-build:fedora-rawhide-x86_64:upstream (success)
🟢 Build / freebsd (success)
🟢 Build / make-distcheck (success)

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

@sssd-bot sssd-bot force-pushed the SSSD-sssd-backport-pr8442-to-sssd-2-12 branch from 56815f2 to 7aa7344 Compare February 17, 2026 09:45
@alexey-tikhonov alexey-tikhonov merged commit c20954b into SSSD:sssd-2-12 Feb 17, 2026
3 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexey-tikhonov alexey-tikhonov alexey-tikhonov approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@alexey-tikhonov alexey-tikhonov

Labels

Accepted no-backport This should go to target branch only.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sssd-bot @alexey-tikhonov @justin-stephenson @sumit-bose