On (27/05/15 14:22), nat...@nathanpeters.com wrote:
>I have a CentOS 6.3 client with sssd 1.11.6-30.el6_6.4 installed and when
>one of my FreeIPA users tries to sudo (he has permissions via group
>membership) I get the following error in /var/log/messages
>May 27 20:51:34 ipaclient sssd[be[mydomain.net]]: dereference processing
>failed : Invalid argument
>I have read that this is a known bug
>(https://bugzilla.redhat.com/show_bug.cgi?id=1154042) and that the
>suggested fix is to add the following line to the domain section of the
>ldap_group_object_class = ipaUserGroup
You cannot hit BZ1154042, because it is already fixed in 1.11.6-30.el6_6.4
>I tried adding that and then restarting the client, but it did not fix the
>problem. I have also read that this problem may only apply to POSIX
>groups so I removed my user from all POSIX groups, added him to non posix
>groups and then created some new sudo rules and hbac rules. I restarted
>the client again and still had the same issue where I could login but not
>Is there a known workaround that actually works?
>I see this bug is supposed to be fixed in sssd 1.11.8. Is this version of
>sssd going to be released into any repo for CentOS 6?
No 1.11.8 will not be release in CentOS 6. CentOS just rebuild rhel src.rpm
packages. However rhel 6.7-beta has already sssd-1.12.4-x.
If you want you can test with pre-release of upstream 1.12.5
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project