Re: [Freeipa-users] External group membership

Thu, 23 Apr 2015 10:44:41 -0700 

On 04/22/2015 01:21 PM, Benjamen Keroack wrote:

Hi Dmitri,
I'd be happy to test sssd 1.13 alpha. Is there any easy was to install on Ubuntu, or do I need to pull and compile from source?
Fo alpha you probably would need to go from source, but once 1.13 released the disrto owners do a great job of keeping up with the upstream. 
Please watch for the announcements on the list.



Thanks,
On Fri, Apr 17, 2015 at 9:07 PM, Dmitri Pal <[email protected] <mailto:[email protected]>> wrote: 

    On 04/17/2015 09:12 PM, Benjamen Keroack wrote:

    Hi,

    We have a number of local groups on our IPA-managed servers that
    we add LDAP/IPA users to. This works fine locally on the server
    on an ad hoc basis:

    $ usermod -a -G local-group test.user

    However I'm trying to do this as part of user provisioning in IPA
    via user groups. I've created external user groups in IPA, then
    added those external groups to the user groups that new users are
    added to via automember rules. For example:

    local-group [external] -> [is a member of] -> developers [IPA group]

    Then I SSH into one of the servers as a user who is a member of
    developers:

    test.user@qa$ groups
    test.user developers qa_users

    I do not see 'local-group' membership, even after restarting
    sssd/rebooting. Is it possible to achieve this kind of automatic
    local group membership? The only alternative I can see would be
    to write a SUID binary that .bash_profile runs on login to add
    them to the applicable groups, which seems like a bad hack.

    This is IPA 4.1.0 running on RHEL 7.1. Client servers are Ubuntu
    Trusty.

    Thanks for any help,
-- Benjamen Keroack 
    /Infrastructure/DevOps Engineer/
    [email protected] <mailto:[email protected]>





    It looks like you are looking for this:
    https://fedorahosted.org/sssd/ticket/1591
    It is on the roadmap for 1.13 alpha which should be out in couple
    months.
    Would you be interested to test?
-- Thank you, 
    Dmitri Pal

    Sr. Engineering Manager IdM portfolio
    Red Hat, Inc.


    --
    Manage your subscription for the Freeipa-users mailing list:
    https://www.redhat.com/mailman/listinfo/freeipa-users
    Go to http://freeipa.org for more info on the project




--
Benjamen Keroack
/Infrastructure/DevOps Engineer/
[email protected] <mailto:[email protected]>




--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to