[Freeipa-users] dereference processing failed : Invalid argument
nathan at nathanpeters.com
nathan at nathanpeters.com
Wed May 27 21:22:34 UTC 2015
I have a CentOS 6.3 client with sssd 1.11.6-30.el6_6.4 installed and when
one of my FreeIPA users tries to sudo (he has permissions via group
membership) I get the following error in /var/log/messages
May 27 20:51:34 ipaclient sssd[be[mydomain.net]]: dereference processing
failed : Invalid argument
I have read that this is a known bug
(https://bugzilla.redhat.com/show_bug.cgi?id=1154042) and that the
suggested fix is to add the following line to the domain section of the
sssd.conf :
ldap_group_object_class = ipaUserGroup
I tried adding that and then restarting the client, but it did not fix the
problem. I have also read that this problem may only apply to POSIX
groups so I removed my user from all POSIX groups, added him to non posix
groups and then created some new sudo rules and hbac rules. I restarted
the client again and still had the same issue where I could login but not
sudo.
Is there a known workaround that actually works?
I see this bug is supposed to be fixed in sssd 1.11.8. Is this version of
sssd going to be released into any repo for CentOS 6?
I just had a look at the CentOS 6 updates repo and sssd is still at 1.11.6-30
More information about the Freeipa-users
mailing list