Looking through the API, I see that I can list the external members of a group via group_show but is there a way to list all the groups an external user is a member of without enumerating all groups and just looking for the external users? For instance when I'm logged in as an external user and type "id" the user's memberships in both AD and IPA are listed.
Thanks
On pe, 08 kesä 2018, Marc Boorshtein via FreeIPA-users wrote:
Looking through the API, I see that I can list the external members of a group via group_show but is there a way to list all the groups an external user is a member of without enumerating all groups and just looking for the external users? For instance when I'm logged in as an external user and type "id" the user's memberships in both AD and IPA are listed.
Group membership reconciliation from different sources is done by SSSD, a result of it is what you see in 'id' output. SSSD has own API to use as well but be aware it returns you POSIX groups and that group membership is flattened. So any non-POSIX groups aren't visible.
IPA framework does not have any programmatic way for this operation.
freeipa-users@lists.fedorahosted.org