Most of our groups are memberUid not uniqueMember so I added this to sssd.conf:

ldap_group_member = memberUid

"id user" now returns all groups! So this is now working!

Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: [email protected]
O: 212-746-6305
F: 212-746-8690

On Thu, Mar 2, 2017 at 8:16 AM, Douglas Duckworth <[email protected]> wrote:

> Hello
>
> I am experiencing the issue described in this article
> https://access.redhat.com/solutions/49876 though we already have
> ldap_group_member = uniqueMember defined in sssd.conf.
>
> User's primary group membership is shown by using getent user though
> getent group does not show group members. I thought I was finished tuning
> sssd.conf though this became an issue yesterday. Members of this listserv
> have been extremely helpful and so I owe much of my progress to this great
> community.
>
> Anyway, I think the problem's with my schema.
>
> In LDAP I see:
>
> dn: ou=webgroups,base
> objectClass: organizationalUnit
> ou: webgroups
>
> dn: cn=groups,ou=webgroups,base
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: blah
> uniqueMember: uid=blah
>
> This makes me think we're using rfc2307 though below this entry I see:
>
> dn: cn=gaussrun,ou=Group,base
> objectClass: posixGroup
> objectClass: top
> cn: blah
> gidNumber: gid
> memberUid: blah
>
> How can SSSD work with both memberUid and uniqueMember as well as
> different object classes for groups? I obviously inherited this LDAP
> server which we are replacing soon.
>
> Thanks,
>
> Douglas Duckworth, MSc, LFCS
> HPC System Administrator
> Scientific Computing Unit
> Physiology and Biophysics
> Weill Cornell Medicine
> E: [email protected]
> O: 212-746-6305
> F: 212-746-8690
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
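
A directory that mixes memberUid and uniqueMember groups, as in the thread above, can be audited before a value for ldap_group_member is chosen. The Python below is an added example, not part of the original messages or of SSSD: it reads an LDIF export and lists the groups whose members sit under a different attribute than the configured one. The sample entries, the dc=example,dc=org base and the function names are constructed; it assumes plain (non-base64) LDIF values and compares attribute names only, not object classes or search bases.

```python
from collections import defaultdict

MEMBER_ATTRS = ("memberuid", "uniquemember", "member")  # compared lower-cased

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # folded continuation line
            else:
                lines.append(raw)
        entry = defaultdict(list)
        for line in lines:
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):   # skip comment lines
                entry[name.strip().lower()].append(value.strip())
        if "dn" in entry:
            yield dict(entry)

def audit_groups(text):
    """Map each group DN to the membership attributes it actually uses."""
    report = {}
    for entry in parse_ldif(text):
        used = [a for a in MEMBER_ATTRS if a in entry]
        if used:
            report[entry["dn"][0]] = used
    return report

def groups_without_members(report, ldap_group_member):
    """DNs whose members are stored under an attribute other than the configured one."""
    wanted = ldap_group_member.lower()
    return sorted(dn for dn, used in report.items() if wanted not in used)

# Constructed sample modelled on the two entry styles quoted in the thread.
SAMPLE = """\
dn: cn=web,ou=webgroups,dc=example,dc=org
objectClass: groupOfUniqueNames
uniqueMember: uid=alice,ou=People,dc=example,dc=org

dn: cn=gaussrun,ou=Group,dc=example,dc=org
objectClass: posixGroup
gidNumber: 5001
memberUid: alice
"""

if __name__ == "__main__":
    for attr in ("uniqueMember", "memberUid"):
        print(attr, "hides members of:", groups_without_members(audit_groups(SAMPLE), attr))
```

Any group listed for the chosen attribute will resolve with an empty member list, which matters wherever group membership drives access decisions.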
