I do not use ldap_group_name in IPA. I'll describe bellow an example for an override , because probably it all has to do with the 'sAMAccountName' :
Example of user and group in AD: user: testuser - AD name 'testuser' - AD 'sAMAccountName' 'testuser' - uidNumber:23634 gidNumber:23634 group: testuser - AD name 'testuser' - AD 'sAMAccountName' 'ux-testuser' - gidNumber: 23634 Example of the override for the above mentioned user in IPA (Default Trust View) User to override: [email protected] User Login: testuser UID: 23634 GID: 23634 The question is how should the override look like or what do I need to change in AD in order to have it working properly ? Is that override according to the IPA prerequisites for override ? Now , as I mentioned , the behaviour is different in different sssd versions and I can only make it work if I run 'getent group testuser' before and playing with caches on both IPA server and IPA client. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
