On Mon, 13 Jul 2015, Angelo Pantano wrote:
I have the same entry there, my question is that I don't understand why it
doesn't it give me any visibility of the AD users mapped in that group, I
mean I just see that entry, but what's that supposed to do? It doesn't
really change anything with or without, I am missing the supposed value of
having the AD users mapped in a FreeIPA posix group.

I was expecting to see the AD users in that group, but I got nothing.. I'm
a bit confused
Read the documentation.

Once you added AD user or group as external member of an external IPA
group and then added this group as a member of IPA POSIX group, the user
belonging to AD group would appear as a member of IPA POSIX group:

# id administra...@adx.test
uid=1878600500(administra...@adx.test)
gid=1878600500(administra...@adx.test)
groups=1878600500(administra...@adx.test),1878600520(group policy
creator own...@adx.test),1878600519(enterprise
adm...@adx.test),1878600512(domain adm...@adx.test),1878600518(schema
adm...@adx.test),1878600513(domain us...@adx.test),1634400007(ad_admins)

You wouldn't see this in the web UI because web UI is showing what is in
the LDAP, not what is visible in the system when SSSD evaluates the
group membership.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to