I'm using the 2307 schema on the server. The sssd config is fairly straightforward:

[domain/default]
#cache_credentials = True
ldap_search_base = dc=myexample,dc=com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://server_url/
tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_default_bind_dn = xxxxxxx
ldap_default_authtok_type = password
ldap_default_authtok = xxxxxxx

[sssd]
services = nss, pam
config_file_version = 2
domains = default

[nss]
#filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

I found this ticket which reports a similar problem, but, according to the comments, it should be fixed for one of the versions I'm using (1.11.6):
https://fedorahosted.org/sssd/ticket/1020

Thanks for the help,
--Tavi

On Wed, Nov 26, 2014 at 11:35 AM, Dmitri Pal <[email protected]> wrote:

> On 11/26/2014 12:37 PM, Octavian Afilipoai wrote:
>
> Is this a known issue? Does anybody have a solution for this?
>
>
> I thought there was a ticket about this in SSSD but I can't find it.
> I vaguely remember that there was something a couple of years ago.
>
> What is your server schema? 2307? Or 2307bis?
> How do you configure SSSD?
>
>
> Thanks,
> --Tavi
>
> On Thu, Nov 20, 2014 at 4:13 PM, Octavian Afilipoai <[email protected]>
> wrote:
>
>> Hello,
>>
>>
>> I'm trying to include a user "local" defined in /etc/passwd in a ldap
>> group called "test" by adding a memberUid in the group definition.
>>
>> With the getent command I see the change:
>>
>> >getent group test
>> test:*:3000:local
>>
>> However when I run the id command for user local the group test is not
>> shown. Only the locally defined group "local" is listed. Also accessing
>> resources which require membership to group test fails.
>>
>> >id local
>> uid=1000(local) gid=1000(local) groups=1000(local)
>>
>> I don't have this issue with users defined on the ldap server (the id
>> command lists all the groups they are members of). The behavior is the same
>> with sssd 1.11.6 on CentOS 6.6 and sssd 1.9.2 on CentOS 6.5.
>>
>> On different machines (CentOS 5.x and Debian Wheezy) the local user
>> shows up with the correct ldap groups, but those systems don't use sssd to
>> bind to the ldap server.
>>
>> The version of the server is OpenLDAP 2.4.31
>>
>> Is there anything in the configuration file which would enable this
>> behavior with sssd? Any help is appreciated.
>>
>>
>> --Tavi
>>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
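
An added example, not part of the original thread and not SSSD code: a POSIX shell check for the discrepancy described in the message, where `getent group` lists a member but `id` for that user omits the group. The `sample_id` function and the `ldapuser` account are constructed stand-ins so the check can be exercised without an LDAP server.

```shell
#!/bin/sh
# Report users that a group entry lists as members but whose id(1) output
# does not contain that group's gid (enumeration and the per-user
# initgroups lookup disagree).

# Print the member list of a group(5)-format line, one name per line.
group_members() {
    printf '%s\n' "${1##*:}" | tr ',' '\n' | sed '/^$/d'
}

# Succeed if numeric gid $2 appears in the groups= list of id output $1.
id_has_gid() (
    groups=${1##*groups=}
    [ "$groups" != "$1" ] || exit 1   # no groups= field (e.g. unknown user)
    groups=${groups%% *}              # drop a trailing SELinux context= field
    IFS=,
    for entry in $groups; do
        [ "${entry%%\(*}" = "$2" ] && exit 0
    done
    exit 1
)

# missing_memberships "<group line>" [lookup-command]
# Prints each listed member whose lookup output lacks the group's gid.
# The lookup command defaults to id; a stub can be passed for offline runs.
missing_memberships() (
    line=$1 lookup=${2:-id}
    gid=$(printf '%s\n' "$line" | cut -d: -f3)
    for user in $(group_members "$line"); do
        id_has_gid "$("$lookup" "$user" 2>/dev/null)" "$gid" || printf '%s\n' "$user"
    done
)

# Constructed sample data: "local" mirrors the output quoted in the thread,
# "ldapuser" is a hypothetical LDAP-defined account that resolves correctly.
sample_id() {
    case $1 in
        local)    echo 'uid=1000(local) gid=1000(local) groups=1000(local)' ;;
        ldapuser) echo 'uid=2001(ldapuser) gid=2001(ldapuser) groups=2001(ldapuser),3000(test)' ;;
    esac
}

# Live use: check each group named on the command line against real id(1).
for g in "$@"; do
    missing_memberships "$(getent group "$g")"
done
```

Run with group names as arguments (for example `test`); any name printed is a user whose effective group set is narrower than the directory says it should be.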
