Hi Dmitri, I'd be happy to test sssd 1.13 alpha. Is there any easy was to install on Ubuntu, or do I need to pull and compile from source?
Thanks, On Fri, Apr 17, 2015 at 9:07 PM, Dmitri Pal <[email protected]> wrote: > On 04/17/2015 09:12 PM, Benjamen Keroack wrote: > > Hi, > > We have a number of local groups on our IPA-managed servers that we add > LDAP/IPA users to. This works fine locally on the server on an ad hoc basis: > > $ usermod -a -G local-group test.user > > However I'm trying to do this as part of user provisioning in IPA via > user groups. I've created external user groups in IPA, then added those > external groups to the user groups that new users are added to via > automember rules. For example: > > local-group [external] -> [is a member of] -> developers [IPA group] > > Then I SSH into one of the servers as a user who is a member of > developers: > > test.user@qa$ groups > test.user developers qa_users > > I do not see 'local-group' membership, even after restarting > sssd/rebooting. Is it possible to achieve this kind of automatic local > group membership? The only alternative I can see would be to write a SUID > binary that .bash_profile runs on login to add them to the applicable > groups, which seems like a bad hack. > > This is IPA 4.1.0 running on RHEL 7.1. Client servers are Ubuntu Trusty. > > Thanks for any help, > > -- > Benjamen Keroack > *Infrastructure/DevOps Engineer* > [email protected] > > > > > It looks like you are looking for this: > https://fedorahosted.org/sssd/ticket/1591 > It is on the roadmap for 1.13 alpha which should be out in couple months. > Would you be interested to test? > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -- Benjamen Keroack *Infrastructure/DevOps Engineer* [email protected]
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
