On 02/17/2013 03:10 PM, Jan-Frode Myklebust wrote:
> I have the following sssd backend:
>
> ------------------------------------------------------------
>
> domains = IPALDAP
>
> [domain/IPALDAP]
> id_provider = ldap
> auth_provider = ldap
> ldap_schema = IPA
> ldap_uri = ldap://ipa1.example.net, ldap://ipa2.example.net
> ldap_search_base = dc=example,dc=net
> ldap_user_search_base = cn=users,cn=accounts,dc=example,dc=net
> ldap_netgroup_search_base = cn=ng,cn=compat,dc=example,dc=net
> ldap_tls_cacert = /etc/ipa/ca.crt
> ldap_tls_reqcert = demand
> cache_credentials = false
> enumerate = true
> debug_level = 5
> ------------------------------------------------------------
>
> Why isn't "emilb" a member of the systemagic group???
>
> # getent group|grep systema
> systemagic:*:10031:johanl,martinh
>
>
> # ldapsearch -x -h ipa1.example.net -b cn=accounts,dc=example,dc=net
> # cn=systemagic
> # extended LDIF
> #
> # LDAPv3
> # base <cn=accounts,dc=example,dc=net> with scope subtree
> # filter: cn=systemagic
> # requesting: ALL
> #
>
> # systemagic, groups, accounts, example.net
> dn: cn=systemagic,cn=groups,cn=accounts,dc=example,dc=net
> objectClass: ipaobject
> objectClass: top
> objectClass: groupofuniquenames
> objectClass: ipausergroup
> objectClass: posixgroup
> objectClass: groupofnames
> objectClass: nestedgroup
> memberUid: susannek
> memberUid: martinh
> memberUid: johanl
> gidNumber: 10031
> cn: systemagic
> ipaUniqueID: 329e0b6e-9ec5-11e1-8777-525400b94ff0
> member: uid=johanl,cn=users,cn=accounts,dc=example,dc=net
> member: uid=martinh,cn=users,cn=accounts,dc=example,dc=net
> member: uid=emilb,cn=users,cn=accounts,dc=example,dc=net
>
> # search result
> search: 2
> result: 0 Success

1) What versions do you have?

2) Do you need enumeration to be turned on?
We recommend keeping it off except for very specific use cases.

3) Can you turn the SSSD debug level up to 9, search the debug logs in
/var/log/sssd, and see what happens to this group?
I suspect it is either a bug that might have been fixed or the group is
filtered for some reason.

>
>
>   -jf
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

