On 04/17/2015 09:12 PM, Benjamen Keroack wrote:
Hi,
We have a number of local groups on our IPA-managed servers that we
add LDAP/IPA users to. This works fine locally on the server on an ad
hoc basis:
$ usermod -a -G local-group test.user
However I'm trying to do this as part of user provisioning in IPA via
user groups. I've created external user groups in IPA, then added
those external groups to the user groups that new users are added to
via automember rules. For example:
local-group [external] -> [is a member of] -> developers [IPA group]
Then I SSH into one of the servers as a user who is a member of
developers:
test.user@qa$ groups
test.user developers qa_users
I do not see 'local-group' membership, even after restarting
sssd/rebooting. Is it possible to achieve this kind of automatic local
group membership? The only alternative I can see would be to write a
SUID binary that .bash_profile runs on login to add them to the
applicable groups, which seems like a bad hack.
This is IPA 4.1.0 running on RHEL 7.1. Client servers are Ubuntu Trusty.
Thanks for any help,
--
Benjamen Keroack
/Infrastructure/DevOps Engineer/
benja...@dollarshaveclub.com
It looks like you are looking for this:
https://fedorahosted.org/sssd/ticket/1591
It is on the roadmap for 1.13 alpha which should be out in a couple of months.
Would you be interested to test?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project