Created attachment 254847: proposed patch

Attached is a patch which rewrites the UID enumeration code to use sysctl instead of procfs on FreeBSD, following up on PR 279255. This is a bit more code, but doesn't require any special mounts so makes sssd2 behave more like a native FreeBSD application.

Gleb, John, I wonder if you could help test this? Our current sssd2 setup has some issues that make testing a bit tricky at the moment.
The code looks good to me and I tested it with our local AD domain. I don't really remember what action highlighted this problem initially, but at least nothing gets broken by this change.
(In reply to Gleb Popov from comment #1)

Thanks for testing. The problem was triggered by having krb5_store_password_if_offline=yes set in the sssd2 configuration, and starting sssd2 with some krb provider configured. In particular, this should now work without procfs mounted.
> krb5_store_password_if_offline=yes set in the sssd2 configuration, and starting sssd2 with some krb provider configured.

That was exactly the context I was testing in.
Looks good to me. I'll get it committed this week. Thanks!
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f53142e16976397a188f1d44ec743926b34feeb8

commit f53142e16976397a188f1d44ec743926b34feeb8
Author: John Hixson <jhixson@FreeBSD.org>
AuthorDate: 2024-12-06 20:47:24 +0000
Commit: John Hixson <jhixson@FreeBSD.org>
CommitDate: 2024-12-06 20:48:44 +0000

    security/sssd2: bump port revision

    Added patch for finding UIDs without using procfs

    PR: 282469

 security/sssd2/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Committed. Thank you!