On Wed, Jun 25, 2014 at 11:55:14AM +0200, Sven Geggus wrote:
Jakub Hrozek schrieb am Dienstag, den 24. Juni um 15:59 Uhr:
My guess is that the SSSD expects the group entries to have objectclass=group.
Hm, I already suspected something like this might be the case.
When running sssd with debug option I get something like this:
[sssd[nss]] [nss_cmd_getgrnam_search] (0x0040): No results for getgrnam call [sssd[nss]] [nss_cmd_getgrnam_search] (0x0040): Group [xxx] does not exist in [example.com]! (negative cache) [sssd[nss]] [nss_cmd_getgrnam_search] (0x0040): No matching domain found for [xxx], fail!
This just means the search failed, doesn't tell why, though.
I think the domain logs would be more informative. Can you put debug_level = 6 into the [domain/example.com] section and then check out /var/log/sssd/sssd_example.com.log ?
Looks like I need to stick with nslcd for now :(
In 1.12, we're going to fix https://fedorahosted.org/sssd/ticket/2184 then you could set the same objectclass (maybe 'top' or something) for both users and groups..
Sven
-- "linux is evolution, not intelligent design" (Linus Torvalds)
/me is giggls@ircnet, http://sven.gegg.us/ on the Web _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users