On Tue, Nov 08, 2016 at 12:17:59AM -0000, Daniel Hermans wrote:
> Hi, Thanks for the response.
>
> Yes, as you predicted, it also works perfectly if I:
>
>   authconfig --enablesssd --enablesssdauth --enablelocauthorize --enablemkhomedir --update --nostart
>   [copy over full config]
>   service sssd start ; chkconfig sssd on
>
> Thank you!!
>
> I now have full LDAP auth against a domain that has no/inconsistent posix attributes (using ldap_id_mapping = true)
>
> The only thing I had to do was use a GID override:
>   override_gid = 10000
>
> and add a manual group to /etc/group to stop this warning:
>   id: cannot find name for group ID 200513

Judging by the GID value ending with 513, your server is Active Directory. I wonder if your setup uses id_provider=ad with the (default) tokengroups settings? If yes, can you try if setting that to false makes a difference: ldap_use_tokengroups = false ?
Nonetheless, I think this is a bug, but I think trying the non-optimized LDAP path might work.
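
The arithmetic behind the "ending with 513" observation in the reply above, as an added example that is not part of the original thread. It assumes the default ldap_idmap_range_min and ldap_idmap_range_size from sssd-ldap(5), since the poster's actual values are not shown; decode_mapped_id is a hypothetical helper name.

```python
# Added example: split an SSSD ID-mapped UID/GID into (slice, RID).
# Assumption: the sssd-ldap(5) defaults below are in effect; the
# poster's real idmap settings do not appear in the thread.
RANGE_MIN = 200000        # ldap_idmap_range_min default
RANGE_MAX = 2000200000    # ldap_idmap_range_max default
RANGE_SIZE = 200000       # ldap_idmap_range_size default

# Well-known relative identifiers present in every Active Directory domain.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    512: "Domain Admins",
    513: "Domain Users",
    514: "Domain Guests",
    515: "Domain Computers",
    516: "Domain Controllers",
}


def decode_mapped_id(unix_id, range_min=RANGE_MIN, range_max=RANGE_MAX,
                     range_size=RANGE_SIZE):
    """Return (slice, rid, label), or None when the ID lies outside the
    mapped range and therefore was not produced by ldap_id_mapping."""
    if not (range_min <= unix_id < range_max):
        return None
    # Each domain owns one slice of range_size IDs; the offset inside
    # the slice is the RID, the last component of the object's SID.
    slice_no, rid = divmod(unix_id - range_min, range_size)
    return slice_no, rid, WELL_KNOWN_RIDS.get(rid, "domain-specific RID")


if __name__ == "__main__":
    # 200513 is the GID from the warning; 10000 is the override_gid value.
    for value in (200513, 10000):
        print(value, "->", decode_mapped_id(value))
```

Under these assumed defaults, 200513 decodes to slice 0, RID 513 (Domain Users), while the override_gid value 10000 falls below the mapped range.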