On 02/17/2013 11:33 AM, Michael Ströder wrote: > HI! > > We're running Debian systems with old sssd 1.2.1 shipped in Debian Squeeze. > This works most of the times with getent passwd and getent group together with > uncached sudo-ldap data. So the data is in place and can be correctly > retrieved by sssd via LDAP. > > Since this old sssd version has some problems and does not have SUDO support > we're looking at upgrading to 1.9.4. > > My colleague prepared back-ported Debian packages of 1.9.4 I'm testing with. > > But I'm struggling that groups are not correctly retrieved - see my last > attempt of sssd.conf attached. > > 1. After login id does not show the user's groups although the OpenLDAP logs > show that group entries are searched and returned to sssd by OpenLDAP's slapd. > > 2. sudo -l -U username does not work although the OpenLDAP logs show that > sudoRole entries are searched and returned to sssd by OpenLDAP's slapd. > > I wonder whether https://fedorahosted.org/sssd/ticket/1664 is relevant in my > case but playing with several values for filter_users_in_groups and enumerate > did not help. > > Ciao, Michael.
Have you tried without enumeration? Does it work for you? > > > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
