I cannot get memberof attribute for external users from one-way trust with AD.
I have an external group ad_grafana_external with users [email protected] and [email protected] from AD. This group is a member of group ad_grafana: ldapsearch -W -D "uid=admin,cn=users,cn=accounts,dc=mytest,dc=local" '(cn=ad_grafana)' | grep member member: cn=ad_grafana_external,cn=groups,cn=accounts,dc=mytest,dc=local I can see that AD users are members of ad_grafana group: getent group ad_grafana ad_grafana:*:105800310:[email protected],[email protected] But I cannot get memberof attribute for this external users: # ldapsearch -W -D "uid=admin,cn=users,cn=accounts,dc=mytest,dc=local" '([email protected])' # extended LDIF # # LDAPv3 # base <dc=mytest,dc=local> (default) with scope subtree # filter: ([email protected]) # requesting: ALL # # [email protected], users, compat, m.mcs.im dn: [email protected],cn=users,cn=compat,dc=mytest,dc=local objectClass: posixAccount objectClass: ipaOverrideTarget objectClass: top gecos: adtest2 adtest2 cn: adtest2 adtest2 uidNumber: 140601109 gidNumber: 140601109 homeDirectory: /home/adtest.local/adtest2 ipaAnchorUUID:: OlNJRDpTLTEtNS0yMS0yNjExMDg4Ny0yODU2MDIzNTY0LTI5MTIyOTUzNjYtMT EwOQ== uid: [email protected] # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 Is it possible to add memberof attrubutes to external users? This is needed to authenticate them in web applications such as Grafana and Gitlab in my case. FreeIPA version: 4.6.8-5 OS: CentOS Linux release 7.7.1908 (Core) _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
