[Freeipa-users] AD users not visible in FreeIPA mapped group

[Jakub Hrozek]

On Wed, Jul 15, 2015 at 01:09:42PM -0700, Angelo Pantano wrote:
> SSSD is able to evaluate group membership, but if for instance I create a
> view for my user and I add a ssh public key I can only use it to login
> passwordless in the IPA server, not on an IPA client. The password still
> works, but I see nothing in the sssd logs that explains why the pubkey was
> rejected on the IPA client. Could be that the client is not really aware
> that there is a view override? I thought that the external mapping would
> facilitate this..

The views usage is new to me in this thread. Please note there was a
number of bugs in the views functionality in 7.1 that were not fixes in
a 7.1.z stream so far. If you have a test setup, then it would be best
to try and reproduce the bug with the latest 1.12 packages from a COPR
repo we have. Would that be possible?