Re: [Freeipa-users] Possible bug in SSSD/IPA/AD trust
On Tue, Aug 23, 2016 at 08:42:42AM +0200, Troels Hansen wrote: > > > - On Aug 11, 2016, at 3:56 PM, Jakub Hrozek jhro...@redhat.com wrote: > > > On Thu, Aug 11, 2016 at 03:11:10PM +0200, Troels Hansen wrote: > >> Hi, we are curretly workig on a larger IPA test project and I have a > >> problems > >> which have been buggin me for some time now: > > > > Which version? > > Most recent in Red Hat 7. > > SSSD 1.13.0-40.el7_2.12 > IPA 4.2.0-15.el7_2.18 > > >> > >> On the client we are have set "full_name_format = %1$s" to have users > >> presented > >> without the AD domain part. > >> However, this seems to make SSSD not lookup a users group membership? > > > > This only works with sssd-1.14+ > > > > But it actually works? According to my testing, yes > The username is presented correctly (without domain part) if set, and the > parameter is documented in `man sssd.conf`? It's been documented in sssd.conf in years, it's the full_name_format. The "only" issue is that it didn't work prior to 1.14 :-) > Only group lookup fails. > Shouldn't with 1.14, if it does, it may be a bug. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Possible bug in SSSD/IPA/AD trust
- On Aug 11, 2016, at 3:56 PM, Jakub Hrozek jhro...@redhat.com wrote: > On Thu, Aug 11, 2016 at 03:11:10PM +0200, Troels Hansen wrote: >> Hi, we are curretly workig on a larger IPA test project and I have a problems >> which have been buggin me for some time now: > > Which version? Most recent in Red Hat 7. SSSD 1.13.0-40.el7_2.12 IPA 4.2.0-15.el7_2.18 >> >> On the client we are have set "full_name_format = %1$s" to have users >> presented >> without the AD domain part. >> However, this seems to make SSSD not lookup a users group membership? > > This only works with sssd-1.14+ > But it actually works? The username is presented correctly (without domain part) if set, and the parameter is documented in `man sssd.conf`? Only group lookup fails. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Possible bug in SSSD/IPA/AD trust
On Thu, Aug 11, 2016 at 03:11:10PM +0200, Troels Hansen wrote: > Hi, we are curretly workig on a larger IPA test project and I have a problems > which have been buggin me for some time now: Which version? > > > On the client we are have set "full_name_format = %1$s" to have users > presented without the AD domain part. > However, this seems to make SSSD not lookup a users group membership? This only works with sssd-1.14+ -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project