[Freeipa-users] issues with secondary groups? (sssd)

Janelle janellenicole80 at gmail.com
Sat Feb 28 19:07:20 UTC 2015


Hello,

I was wondering - I have searched around and seen a few questions and 
solutions, but nothing I try is fixing my environment.

Things have been working quite well with IPA 4.0.5, simple things with 
auth and logins - some with full ipa-client-install configured, others 
just using LDAP and that is where the strangeness comes from.

With full IPA client integration, secondary groups work just fine, as do 
base commands like "id" and "getent". However, the "ldap" users never 
show the secondary group for their uid?

Any pointers you might suggest? I have tried the sssd.conf of 
"ldap_group_member = uniqeMember" - no change.

A simple secondary group is defined:

dn: cn=web_users,cn=groups,cn=accounts,dc=example,dc=com
cn: web_users
objectClass: ipaobject
objectClass: extensibleobject
objectClass: top
objectClass: ipausergroup
objectClass: posixgroup
objectClass: groupofnames
objectClass: nestedgroup
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: user4
memberUid: user5
member: uid=user1,cn=users,cn=accounts,dc=example,dc=com
member: uid=user2,cn=users,cn=accounts,dc=example,dc=com
member: uid=user3,cn=users,cn=accounts,dc=example,dc=com
member: uid=user4,cn=users,cn=accounts,dc=example,dc=com
member: uid=user5,cn=users,cn=accounts,dc=example,dc=com

and yet with debug_level = 7 -- sssd still says: 
[sdap_process_ghost_members] (0x0400): Group has 0 members
and "id" or "getent" of any of user1..5 just returns the primary GID.

Any ideas? Tips? What else might you want to see?

~J
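
Added example, not part of the original post and not sssd code: a small Python check that parses the group entry quoted above and lists which user names are stored under each candidate value of ldap_group_member. The helper names are made up for this illustration, the objectClass lines are trimmed, and it shows only what the entry contains, not how sssd resolves members.

```python
# Added example: inspects the LDIF entry from the post; it is not sssd logic.
import re

# Group entry copied from the post (objectClass lines trimmed).
GROUP_LDIF = """\
dn: cn=web_users,cn=groups,cn=accounts,dc=example,dc=com
cn: web_users
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: user4
memberUid: user5
member: uid=user1,cn=users,cn=accounts,dc=example,dc=com
member: uid=user2,cn=users,cn=accounts,dc=example,dc=com
member: uid=user3,cn=users,cn=accounts,dc=example,dc=com
member: uid=user4,cn=users,cn=accounts,dc=example,dc=com
member: uid=user5,cn=users,cn=accounts,dc=example,dc=com
"""

def parse_entry(ldif):
    """Parse one unfolded LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if value.startswith((":", "<")):
            raise ValueError("base64/URL values are not handled here")
        # LDAP attribute names are case-insensitive, so normalise them.
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def member_names(entry, attr):
    """User names stored under attr; DN values are reduced to their uid RDN."""
    names = []
    for value in entry.get(attr.lower(), []):
        m = re.match(r"uid=([^,]+),", value, re.IGNORECASE)
        names.append(m.group(1) if m else value)
    return names

def report(ldif, candidates=("memberUid", "member", "uniqueMember", "uniqeMember")):
    """Map each candidate ldap_group_member value to the names it would find."""
    entry = parse_entry(ldif)
    return {attr: member_names(entry, attr) for attr in candidates}

if __name__ == "__main__":
    for attr, names in report(GROUP_LDIF).items():
        print(f"{attr:13} {len(names)} value(s): {', '.join(names) or '-'}")
```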



