[Freeipa-users] AD users not visible in FreeIPA mapped group

Alexander Bokovoy abokovoy at redhat.com
Tue Jul 14 06:46:00 UTC 2015


On Mon, 13 Jul 2015, Angelo Pantano wrote:
>I have the same entry there, my question is that I don't understand why it
>doesn't give me any visibility of the AD users mapped in that group, I
>mean I just see that entry, but what's that supposed to do? It doesn't
>really change anything with or without, I am missing the supposed value of
>having the AD users mapped in a FreeIPA posix group.
>
>I was expecting to see the AD users in that group, but I got nothing.. I'm
>a bit confused
Read the documentation.

Once you have added an AD user or group as an external member of an
external IPA group and then added this group as a member of an IPA POSIX
group, the user belonging to the AD group would appear as a member of the
IPA POSIX group:

# id administrator@adx.test
uid=1878600500(administrator@adx.test)
gid=1878600500(administrator@adx.test)
groups=1878600500(administrator@adx.test),1878600520(group policy
creator owners@adx.test),1878600519(enterprise
admins@adx.test),1878600512(domain admins@adx.test),1878600518(schema
admins@adx.test),1878600513(domain users@adx.test),1634400007(ad_admins)

You wouldn't see this in the web UI because the web UI is showing what is
in LDAP, not what is visible in the system when SSSD evaluates the
group membership.
-- 
/ Alexander Bokovoy
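
Added example, not part of the original message and not FreeIPA project code: the mapping steps described above as ipa CLI calls, plus a check that the membership SSSD resolves (what id prints) contains the IPA POSIX group. The external group name ad_admins_external, the function names and the sample id output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. ad_admins_external and both function names are hypothetical.

# The steps from the message as ipa CLI calls. Run on an IPA server that
# already has the AD trust; ipa may prompt for further member types.
# $1 = AD group (e.g. 'ADX\Domain Admins'), $2 = external IPA group,
# $3 = IPA POSIX group
map_ad_group() {
    ipa group-add --external "$2" &&
    ipa group-add-member "$2" --external "$1" &&
    ipa group-add "$3" &&
    ipa group-add-member "$3" --groups "$2"
}

# Return 0 if the `id` output in $1 lists a group named exactly $2.
# AD group names contain spaces ("domain admins@adx.test"), so the list is
# split on commas and the name is taken from inside the parentheses rather
# than split on whitespace. Assumes group names contain no commas.
id_output_has_group() {
    printf '%s\n' "$1" | tr '\n' ' ' |
        sed -n 's/.*groups=//p' | tr ',' '\n' |
        sed 's/^[0-9]*(//; s/) *$//' |
        grep -Fxq -- "$2"
}

# Constructed sample, modelled on the id output quoted in the message.
SAMPLE_ID_OUTPUT='uid=1878600500(administrator@adx.test) gid=1878600500(administrator@adx.test) groups=1878600500(administrator@adx.test),1878600512(domain admins@adx.test),1878600513(domain users@adx.test),1634400007(ad_admins)'

# On an enrolled client the live check would be:
#   id_output_has_group "$(id administrator@adx.test)" ad_admins
```

The check reads what SSSD resolves on the client, which is the view the message says the web UI does not show.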



