On 02/17/2013 03:10 PM, Jan-Frode Myklebust wrote:
> I have the following sssd backend:
>
> ------------------------------------------------------------
>
> domains = IPALDAP
>
> [domain/IPALDAP]
> id_provider = ldap
> auth_provider = ldap
> ldap_schema = IPA
> ldap_uri = ldap://ipa1.example.net, ldap://ipa2.example.net
> ldap_search_base = dc=example,dc=net
> ldap_user_search_base = cn=users,cn=accounts,dc=example,dc=net
> ldap_netgroup_search_base = cn=ng,cn=compat,dc=example,dc=net
> ldap_tls_cacert = /etc/ipa/ca.crt
> ldap_tls_reqcert = demand
> cache_credentials = false
> enumerate = true
> debug_level = 5
> ------------------------------------------------------------
>
> Why isn't "emilb" a member of the systemagic group???
>
> # getent group|grep systema
> systemagic:*:10031:johanl,martinh
>
>
> # ldapsearch -x -h ipa1.example.net -b cn=accounts,dc=example,dc=net
> # cn=systemagic
> # extended LDIF
> #
> # LDAPv3
> # base <cn=accounts,dc=example,dc=net> with scope subtree
> # filter: cn=systemagic
> # requesting: ALL
> #
>
> # systemagic, groups, accounts, example.net
> dn: cn=systemagic,cn=groups,cn=accounts,dc=example,dc=net
> objectClass: ipaobject
> objectClass: top
> objectClass: groupofuniquenames
> objectClass: ipausergroup
> objectClass: posixgroup
> objectClass: groupofnames
> objectClass: nestedgroup
> memberUid: susannek
> memberUid: martinh
> memberUid: johanl
> gidNumber: 10031
> cn: systemagic
> ipaUniqueID: 329e0b6e-9ec5-11e1-8777-525400b94ff0
> member: uid=johanl,cn=users,cn=accounts,dc=example,dc=net
> member: uid=martinh,cn=users,cn=accounts,dc=example,dc=net
> member: uid=emilb,cn=users,cn=accounts,dc=example,dc=net
>
> # search result
> search: 2
> result: 0 Success

1) What versions do you have?
2) Do you need enumeration to be turned on? We recommend it off except for very specific use cases.
3) Can you turn the debug level on SSSD up to 9, search the debug logs in /var/log/sssd, and see what happens to this group?

I suspect it is either a bug that might have been fixed or the group is filtered for some reason.

>
>
> -jf
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
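
Added example, not part of the original thread: before reading the level-9 logs it helps to list exactly which names differ between the directory entry and what NSS returns. The script below diffs the group's `member` and `memberUid` values against the `getent` line, using the values quoted in the thread as constructed input; the function names are hypothetical.

```python
# Constructed input: attribute lines copied from the ldapsearch output quoted in the thread.
LDIF = """\
dn: cn=systemagic,cn=groups,cn=accounts,dc=example,dc=net
memberUid: susannek
memberUid: martinh
memberUid: johanl
gidNumber: 10031
cn: systemagic
member: uid=johanl,cn=users,cn=accounts,dc=example,dc=net
member: uid=martinh,cn=users,cn=accounts,dc=example,dc=net
member: uid=emilb,cn=users,cn=accounts,dc=example,dc=net
"""
# The getent line quoted in the thread.
GETENT = "systemagic:*:10031:johanl,martinh"


def parse_entry(ldif):
    """Map attribute name -> values for one simple LDIF entry (no folding, no base64)."""
    attrs = {}
    for line in ldif.splitlines():
        if not line or line.startswith("#") or ": " not in line:
            continue
        name, value = line.split(": ", 1)
        attrs.setdefault(name.lower(), []).append(value.strip())
    return attrs


def uid_from_dn(dn):
    """Return the uid from the first RDN of a member DN, or None if it is not uid=...
    Assumes the RDN value contains no escaped commas."""
    key, _, val = dn.split(",", 1)[0].partition("=")
    return val if key.strip().lower() == "uid" else None


def compare_membership(ldif, getent_line):
    """Diff member DNs, memberUid values and the member list NSS resolved."""
    attrs = parse_entry(ldif)
    by_member = {u for u in map(uid_from_dn, attrs.get("member", [])) if u}
    by_memberuid = set(attrs.get("memberuid", []))
    fields = getent_line.strip().split(":")
    resolved = set(filter(None, fields[3].split(","))) if len(fields) > 3 else set()
    return {
        "member_only": sorted(by_member - by_memberuid),
        "memberuid_only": sorted(by_memberuid - by_member),
        "missing_from_getent": sorted((by_member | by_memberuid) - resolved),
        "extra_in_getent": sorted(resolved - (by_member | by_memberuid)),
    }


if __name__ == "__main__":
    for key, users in compare_membership(LDIF, GETENT).items():
        print(f"{key}: {', '.join(users) or '-'}")
```

On the quoted data this reports that `getent` returns only the names present in both attributes, which narrows what to look for in the SSSD debug log.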
