On Wed, Jul 31, 2013 at 03:27:41PM +0300, Vitaly wrote:
> Jakub, many thanks!
> 
> >Interesting, can you run ipa user-show --all --raw myuser and check if
> >all three groups are visible as values of the "memberof" attribute? I
> >suspect they will..
> Yes, all 3 groups are visible
> 
> >If they do, can you then put debug_level=7 to the [domain] section of
> >sssd.conf, restart sssd and attach or paste the logs from /var/log/sssd
> 
> As far as I see  for problematic group3
> 
> ........
> (Wed Jul 31 12:10:39 2013) [sssd[be[example.com]]]
> [sdap_initgr_nested_search] (2): Search for group
> cn=group3,cn=groups,cn=accounts,
> ,dc=example,dc=com, returned 0 results. Skipping
> .......
> 
> So I tried on my IPA client "getent  group group2/3" -  there is an
> answer for group2, but not for group3. Interesting...
> In IPA server "ipa group-show group2/3 "  show similar output for both
> groups, including members.
> 
> 
> 
> 

Does the group have posix GID?

> Jakub, if you agree, I'll send you log to your email, I prefer do not
> post it to the list.

Sure, that's fine.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to