On Wed, Jul 31, 2013 at 03:27:41PM +0300, Vitaly wrote:
> Jakub, many thanks!
> >Interesting, can you run ipa user-show --all --raw myuser and check if
> >all three groups are visible as values of the "memberof" attribute? I
> >suspect they will..
> Yes, all 3 groups are visible
> >If they do, can you then put debug_level=7 to the [domain] section of
> >sssd.conf, restart sssd and attach or paste the logs from /var/log/sssd
> As far as I see for problematic group3
> (Wed Jul 31 12:10:39 2013) [sssd[be[example.com]]]
> [sdap_initgr_nested_search] (2): Search for group
> ,dc=example,dc=com, returned 0 results. Skipping
> So I tried on my IPA client "getent group group2/3" - there is an
> answer for group2, but not for group3. Interesting...
> In IPA server "ipa group-show group2/3 " show similar output for both
> groups, including members.
Does the group have posix GID?
> Jakub, if you agree, I'll send you log to your email, I prefer do not
> post it to the list.
Sure, that's fine.
Freeipa-users mailing list