On Fri, Nov 14, 2014 at 03:38:47PM +0000, Darren Poulson wrote: > > > > > OK, if the user is a direct member of the groups and the groups are all > > POSIX (=they all have a GID), then I would expect the group membership > > to show all users. > > > > Can you try setting ldap_deref_threshold=0 and re-running the test? It > > would also be best if you could remove the sssd cache first. > > Ok, I added that into a [povider/ldap] block, but no change to the behaviour. > I even cleared cache, rebooted, and tried again just for a bit of overkill. > > ipausers isn't a posix group, but the rest are. I removed ipausers for that > user to make sure that wasn't causing an issue. > > >
OK, at this point I think we need to see the SSSD debug logs... Can you put debug_level=7 to the [nss] and [domain] sections, remove the cache, restart sssd and then run id? Then attach the contents of /var/log/sssd/*.log ... -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
