Am Thu, Dec 05, 2024 at 03:58:48PM -0800 schrieb Bob Green via sssd-devel: > sssd correctly identifies that an account is a member of a large 1501+ > member AD group via "id <account>". However getent group > <1501+_member_group> does not list the account. Only the first 1500 > members are displayed. Is this a limitation of getent group ? Or is > there a way to configure sssd to display all group members via getent > group <group>?
Hi, this is most probably a limit set on the AD side, see e.g. https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/view-set-ldap-policy-using-ntdsutil. HTH bye, Sumit > > AD groups are not nested. > OS: SUSE Linux Enterprise Server 12 SP5 > sssd version: 1.16.1 Release: 7.65.1 > > # cat /etc/sssd/sssd.conf > [sssd] > services = nss, pam > config_file_version = 2 > domains = DOM.CORP.COM > > [domain/DOM.CORP.COM] > entry_cache_timeout = 14400 > refresh_expired_interval = 10800 > cache_credentials = true > id_provider = ad > auth_provider = ad > access_provider = simple > dyndns_update = false > full_name_format = %1$s > use_fully_qualified_names = false > ldap_referrals = false > ldap_id_mapping = false > ldap_disable_range_retrieval = false > ldap_force_upper_case_realm = true > ldap_group_nesting_level = 0 > ldap_use_tokengroups = false > ldap_search_base = OU=my_ou,DC=dom,DC=corp,DC=com > krb5_canonicalize = false > krb5_validate = false > > Thanks, > Bob > -- > _______________________________________________ > sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org > To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
