[Freeipa-users] SSS problems with eDirectory

Simo Sorce ssorce at redhat.com
Fri Jul 23 22:15:29 UTC 2010


On Fri, 23 Jul 2010 17:17:11 -0400
Scott Duckworth <sduckwo at clemson.edu> wrote:

> I've learned that this attribute does exist in our tree, but it's not
> being populated when we add users to groups since our proxy user does
> not have rights to write groupMembership to users.  I'm trying to
> find out if we can get our hands on native eDirectory tools that keep
> groupMembership of posixAccount and member of posixGroup in sync.
> 
> Still, if groupOf/groupMembership is not required by rfc2307bis, it
> would be nice if SSSD did not require it.

Yes, we should handle this gracefully, at least through an option.

> If a user has a groupOf/groupMembership attribute pointing to a group
> outside of ldap_group_search_base, will this be handled gracefully?

Yes, the entry will simply be ignored if not resolvable.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



