[Freeipa-users] Compat tree and group membership in a trust environment

Loris Santamaria loris at lgs.com.ve
Tue Sep 23 15:35:31 UTC 2014


Querying for group membership in the compat tree within a trust
environment seems to be rather flaky:

      * userA and userB are members of admins@ad. admins@ad is member of
        internet_access@ad
      * internet_access@ad is member of internet_access_external@ad
      * internet_access_external@ad is member of internet_access@ad
      * I restart ipa and clear sssd cache on the master to start with a
        clean compat tree
      * searching for (&(objectClass=posixGroup)(memberUid=userA@ad))
        returns that he is a member of internet_access@ipa (expected
        result)
      * searching for (&(objectClass=posixGroup)(memberUid=userB@ad))
        doesn't return him as a member of internet_access@ipa
        (unexpected)

If I restart ipa and clean sssd cache on the master and query first for
userB, he gets the correct memberships; queries for subsequent users
(userA, userC) won't show if they are members of ipa groups.

IPA version is 3.3.3-28.el7 on CentOS 7, AD is Server 2008.

Should I file a bug?

-- 
Loris Santamaria   linux user #70506   xmpp:loris at lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:103 at lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford
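
The check described in the post, as an added example that is not part of the original message: it runs the same memberUid filter for each user in a fixed order and prints the users for whom the expected group is missing. LDAP_URI, COMPAT_BASE, the group cn `internet_access` and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. LDAP_URI and COMPAT_BASE are placeholders, not values from the post.
LDAP_URI="${LDAP_URI:-ldap://ipa-master.example.test}"
COMPAT_BASE="${COMPAT_BASE:-cn=groups,cn=compat,dc=example,dc=test}"

# Build the membership filter used in the post for one user.
member_filter() {
    printf '(&(objectClass=posixGroup)(memberUid=%s))' "$1"
}

# Live query against the compat tree (anonymous simple bind, LDIF output, cn only).
live_search() {
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$COMPAT_BASE" "$1" cn
}

# Constructed LDIF that mimics the reported symptom: userA resolves, userB does not.
sample_search() {
    case "$1" in
        *"memberUid=userA@ad"*)
            printf 'dn: cn=internet_access,%s\ncn: internet_access\n\n' "$COMPAT_BASE" ;;
        *) : ;;   # empty search result
    esac
}

# SEARCH selects the backend; it defaults to the constructed data so the script runs offline.
SEARCH="${SEARCH:-sample_search}"

# Print the cn of every group returned for a user, one per line.
groups_for() {
    "$SEARCH" "$(member_filter "$1")" | sed -n 's/^cn: //p' | sort -u
}

# Print each user for whom the expected group is missing from the compat result.
# Users are queried in the order given, because the reported behaviour depends on it.
report_missing() {
    expected=$1; shift
    for user in "$@"; do
        groups_for "$user" | grep -Fxq -- "$expected" || printf '%s\n' "$user"
    done
}

report_missing internet_access userA@ad userB@ad
```

Set SEARCH=live_search with LDAP_URI and COMPAT_BASE pointing at the master to run the same check against a real compat tree, and swap the user order between runs to compare results.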