Red Hat Enterprise Linux Server release 7.3
ipa-server-4.4.0-14.el7_3.4.x86_64
389-ds-base-1.3.5.10-15.el7_3.x86_64
sssd-1.14.0-43.el7_3.11.x86_64

I have noticed some odd behavior when I perform LDAP searches in the compat tree for groups.

I have approximately 20 posix groups including the default "admins" group. The default admins group consists of the default admin user and a single group called "unixadmins". The unixadmins group is a posix group and has one member called "winadmins". The winadmins group is an external group type which contains one external group called "winadm...@mywindomain.com". That group on the Windows domain has 2 members: 123...@mywindomain.com and 234...@mywindomain.com.

When I perform a search in the compat tree, I see multiple memberUID entries which are:

admin
123...@mywindomain.com
234...@mywindomain.com

This is what I am looking for. However, when I look at the compat tree entry for "unixadmins" (the posix group used in the admins group), I don't see any memberUID entries at all. This is the same result for all the other posix groups which have a similar setup.

When I perform an "id 123...@mywindomain.com", I see that the user belongs to the "admins", "unixadmins" and another posix group (I can also verify this by looking at the users accounts tree).

On a hunch, I added the "admin" user to the unixadmins group and the other posix group, and now when I query the group compat tree I see an entry with the memberUid showing both the admin user and the Windows users (i.e. 123...@mywindomain.com and 234...@mywindomain.com).

Is this a bug?

Rob Johnson
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org