[Freeipa-users] External group membership

Benjamen Keroack benjamen at dollarshaveclub.com
Wed Apr 22 17:21:40 UTC 2015 

Hi Dmitri,

I'd be happy to test sssd 1.13 alpha. Is there any easy was to install on
Ubuntu, or do I need to pull and compile from source?

Thanks,

On Fri, Apr 17, 2015 at 9:07 PM, Dmitri Pal <dpal at redhat.com> wrote:

>  On 04/17/2015 09:12 PM, Benjamen Keroack wrote:
>
> Hi,
>
>  We have a number of local groups on our IPA-managed servers that we add
> LDAP/IPA users to. This works fine locally on the server on an ad hoc basis:
>
>  $ usermod -a -G local-group test.user
>
>  However I'm trying to do this as part of user provisioning in IPA via
> user groups. I've created external user groups in IPA, then added those
> external groups to the user groups that new users are added to via
> automember rules. For example:
>
>  local-group [external] -> [is a member of] -> developers [IPA group]
>
>  Then I SSH into one of the servers as a user who is a member of
> developers:
>
>  test.user at qa$ groups
> test.user developers qa_users
>
>  I do not see 'local-group' membership, even after restarting
> sssd/rebooting. Is it possible to achieve this kind of automatic local
> group membership? The only alternative I can see would be to write a SUID
> binary that .bash_profile runs on login to add them to the applicable
> groups, which seems like a bad hack.
>
>  This is IPA 4.1.0 running on RHEL 7.1. Client servers are Ubuntu Trusty.
>
>  Thanks for any help,
>
>  --
>   Benjamen Keroack
> *Infrastructure/DevOps Engineer*
> benjamen at dollarshaveclub.com
>
>
>
>
> It looks like you are looking for this:
> https://fedorahosted.org/sssd/ticket/1591
> It is on the roadmap for 1.13 alpha which should be out in couple months.
> Would you be interested to test?
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>



-- 
Benjamen Keroack
*Infrastructure/DevOps Engineer*
benjamen at dollarshaveclub.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150422/04a65eab/attachment.htm>

More information about the Freeipa-users mailing list