On (04/08/15 07:11), Janelle wrote:
>I too have seen this same unique "bug". My guess is, you have compatibility
>mode enabled AND you used the GUI to manipulate the group memberships. I have
>found this to be buggy. Using CLI based commands did not have the same
>results. However, once the 2 trees - "cn=accounts" and "cn=compat" are no
>longer in sync, I have found the only way to fix this is with ldapmodify
>commands, since neither the GUI nor the command line tools believe the users
>are in the groups in question anymore.
It really sounds like a bug.
Did you try to call "id user" on the ipa server?
I'm curious which uid/gid are returned from sssd.
If the uid/gid are correct, does it help to restart
the directory server (or ipa)?