[Freeipa-users] External group membership
Dmitri Pal
dpal at redhat.com
Thu Apr 23 17:38:13 UTC 2015
On 04/22/2015 01:21 PM, Benjamen Keroack wrote:
> Hi Dmitri,
>
> I'd be happy to test sssd 1.13 alpha. Is there any easy was to install
> on Ubuntu, or do I need to pull and compile from source?
Fo alpha you probably would need to go from source, but once 1.13
released the disrto owners do a great job of keeping up with the upstream.
Please watch for the announcements on the list.
>
> Thanks,
>
> On Fri, Apr 17, 2015 at 9:07 PM, Dmitri Pal <dpal at redhat.com
> <mailto:dpal at redhat.com>> wrote:
>
> On 04/17/2015 09:12 PM, Benjamen Keroack wrote:
>> Hi,
>>
>> We have a number of local groups on our IPA-managed servers that
>> we add LDAP/IPA users to. This works fine locally on the server
>> on an ad hoc basis:
>>
>> $ usermod -a -G local-group test.user
>>
>> However I'm trying to do this as part of user provisioning in IPA
>> via user groups. I've created external user groups in IPA, then
>> added those external groups to the user groups that new users are
>> added to via automember rules. For example:
>>
>> local-group [external] -> [is a member of] -> developers [IPA group]
>>
>> Then I SSH into one of the servers as a user who is a member of
>> developers:
>>
>> test.user at qa$ groups
>> test.user developers qa_users
>>
>> I do not see 'local-group' membership, even after restarting
>> sssd/rebooting. Is it possible to achieve this kind of automatic
>> local group membership? The only alternative I can see would be
>> to write a SUID binary that .bash_profile runs on login to add
>> them to the applicable groups, which seems like a bad hack.
>>
>> This is IPA 4.1.0 running on RHEL 7.1. Client servers are Ubuntu
>> Trusty.
>>
>> Thanks for any help,
>>
>> --
>> Benjamen Keroack
>> /Infrastructure/DevOps Engineer/
>> benjamen at dollarshaveclub.com <mailto:benjamen at dollarshaveclub.com>
>>
>>
>>
>
> It looks like you are looking for this:
> https://fedorahosted.org/sssd/ticket/1591
> It is on the roadmap for 1.13 alpha which should be out in couple
> months.
> Would you be interested to test?
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
>
>
>
> --
> Benjamen Keroack
> /Infrastructure/DevOps Engineer/
> benjamen at dollarshaveclub.com <mailto:benjamen at dollarshaveclub.com>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150423/1ac5ee9c/attachment.htm>
More information about the Freeipa-users
mailing list