On Wed, Jul 31, 2013 at 03:27:41PM +0300, Vitaly wrote:
> Jakub, many thanks!
>
> >Interesting, can you run ipa user-show --all --raw myuser and check if
> >all three groups are visible as values of the "memberof" attribute? I
> >suspect they will..
> Yes, all 3 groups are visible
>
> >If they do, can you then put debug_level=7 to the [domain] section of
> >sssd.conf, restart sssd and attach or paste the logs from /var/log/sssd
>
> As far as I see for problematic group3
>
> ........
> (Wed Jul 31 12:10:39 2013) [sssd[be[example.com]]]
> [sdap_initgr_nested_search] (2): Search for group
> cn=group3,cn=groups,cn=accounts,
> ,dc=example,dc=com, returned 0 results. Skipping
> .......
>
> So I tried on my IPA client "getent group group2/3" - there is an
> answer for group2, but not for group3. Interesting...
> In IPA server "ipa group-show group2/3 " show similar output for both
> groups, including members.
>

Does the group have posix GID?

> Jakub, if you agree, I'll send you log to your email, I prefer do not
> post it to the list.

Sure, that's fine.
