[Freeipa-users] Group membership not populated
Jakub Hrozek
jhrozek at redhat.com
Fri Nov 14 15:57:59 UTC 2014
On Fri, Nov 14, 2014 at 03:38:47PM +0000, Darren Poulson wrote:
>
> >
> > OK, if the user is a direct member of the groups and the groups are all
> > POSIX (=they all have a GID), then I would expect the group membership
> > to show all users.
> >
> > Can you try setting ldap_deref_threshold=0 and re-running the test? It
> > would also be best if you could remove the sssd cache first.
>
> Ok, I added that into a [povider/ldap] block, but no change to the behaviour. I even cleared cache, rebooted, and tried again just for a bit of overkill.
>
> ipausers isn't a posix group, but the rest are. I removed ipausers for that user to make sure that wasn't causing an issue.
>
>
>
OK, at this point I think we need to see the SSSD debug logs...
Can you put debug_level=7 to the [nss] and [domain] sections, remove the
cache, restart sssd and then run id? Then attach the contents of
/var/log/sssd/*.log ...
More information about the Freeipa-users
mailing list