<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 04/22/2015 01:21 PM, Benjamen
Keroack wrote:<br>
</div>
<blockquote
cite="mid:CAHz7M2rmYL67iZKT7R98i0EYAtZLJyHrUduiSH3CBtFmzm_uwg@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Dmitri,
<div><br>
</div>
<div>I'd be happy to test sssd 1.13 alpha. Is there any easy was
to install on Ubuntu, or do I need to pull and compile from
source?</div>
</div>
</blockquote>
<br>
Fo alpha you probably would need to go from source, but once 1.13
released the disrto owners do a great job of keeping up with the
upstream.<br>
Please watch for the announcements on the list.<br>
<br>
<blockquote
cite="mid:CAHz7M2rmYL67iZKT7R98i0EYAtZLJyHrUduiSH3CBtFmzm_uwg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Thanks,</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Apr 17, 2015 at 9:07 PM, Dmitri
Pal <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5">
<div>On 04/17/2015 09:12 PM, Benjamen Keroack wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>We have a number of local groups on our
IPA-managed servers that we add LDAP/IPA users
to. This works fine locally on the server on an
ad hoc basis:</div>
<div><br>
</div>
<div>$ usermod -a -G local-group test.user</div>
<div><br>
</div>
<div>However I'm trying to do this as part of user
provisioning in IPA via user groups. I've
created external user groups in IPA, then added
those external groups to the user groups that
new users are added to via automember rules. For
example:</div>
<div><br>
</div>
<div>local-group [external] -> [is a member of]
-> developers [IPA group]</div>
<div><br>
</div>
<div>Then I SSH into one of the servers as a user
who is a member of developers:</div>
<div><br>
</div>
<div>test.user@qa$ groups</div>
<div>test.user developers qa_users</div>
<div><br>
</div>
<div>I do not see 'local-group' membership, even
after restarting sssd/rebooting. Is it possible
to achieve this kind of automatic local group
membership? The only alternative I can see would
be to write a SUID binary that .bash_profile
runs on login to add them to the applicable
groups, which seems like a bad hack.</div>
<div><br>
</div>
<div>This is IPA 4.1.0 running on RHEL 7.1. Client
servers are Ubuntu Trusty.</div>
<div>
<div><br>
</div>
<div>Thanks for any help,</div>
<div><br>
</div>
-- <br>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>Benjamen Keroack</div>
<div><i>Infrastructure/DevOps Engineer</i></div>
<div><a moz-do-not-send="true"
href="mailto:benjamen@dollarshaveclub.com"
target="_blank">benjamen@dollarshaveclub.com</a></div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
</div>
</div>
It looks like you are looking for this: <a
moz-do-not-send="true"
href="https://fedorahosted.org/sssd/ticket/1591"
target="_blank">https://fedorahosted.org/sssd/ticket/1591</a><br>
It is on the roadmap for 1.13 alpha which should be out in
couple months.<br>
Would you be interested to test?<span class="HOEnZb"><font
color="#888888"><br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</font></span></div>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a moz-do-not-send="true" href="http://freeipa.org"
target="_blank">http://freeipa.org</a> for more info on
the project<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>Benjamen Keroack</div>
<div><i>Infrastructure/DevOps Engineer</i></div>
<div><a moz-do-not-send="true"
href="mailto:benjamen@dollarshaveclub.com"
target="_blank">benjamen@dollarshaveclub.com</a></div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>