Hello
I am experiencing the issue described in this article https://access.redhat.com/solutions/49876 though we already have ldap_group_member = uniqueMember defined in sssd.conf.
User's primary group membership is shown by using getent user though getent group does not show group members. I thought I was finished tuning sssd.conf though this became an issue yesterday. Members of this listserv have been extremely helpful and so I owe much of my progress to this great community.
Anyway, I think the problem's with my schema.
In LDAP I see:
dn: ou=webgroups,base
objectClass: organizationalUnit
ou: webgroups

dn: cn=groups,ou=webgroups,base
objectClass: top
objectClass: groupOfUniqueNames
cn: blah
uniqueMember: uid=blah

This makes me think we're using rfc2307 though below this entry I see:
dn: cn=gaussrun,ou=Group,base
objectClass: posixGroup
objectClass: top
cn: blah
gidNumber: gid
memberUid: blah

How can SSSD work with both memberUid and uniqueMember as well as different object classes for groups? I obviously inherited this LDAP server which we are replacing soon.
Thanks,
Douglas Duckworth, MSc, LFCS HPC System Administrator Scientific Computing Unit Physiology and Biophysics Weill Cornell Medicine E: doug@med.cornell.edu O: 212-746-6305 F: 212-746-8690
Most of our groups are memberUid not uniqueMember so I added this to sssd.conf:
ldap_group_member = memberUid
"id user" now returns all groups! So this is now working!
Thanks,
Douglas Duckworth, MSc, LFCS HPC System Administrator Scientific Computing Unit Physiology and Biophysics Weill Cornell Medicine E: doug@med.cornell.edu O: 212-746-6305 F: 212-746-8690
On Thu, Mar 2, 2017 at 8:16 AM, Douglas Duckworth dod2014@med.cornell.edu wrote:
Hello
I am experiencing the issue described in this article https://access.redhat.com/solutions/49876 though we already have ldap_group_member = uniqueMember defined in sssd.conf.
User's primary group membership is shown by using getent user though getent group does not show group members. I thought I was finished tuning sssd.conf though this became an issue yesterday. Members of this listserv have been extremely helpful and so I owe much of my progress to this great community.
Anyway, I think the problem's with my schema.
In LDAP I see:
dn: ou=webgroups,base
objectClass: organizationalUnit
ou: webgroups

dn: cn=groups,ou=webgroups,base
objectClass: top
objectClass: groupOfUniqueNames
cn: blah
uniqueMember: uid=blah

This makes me think we're using rfc2307 though below this entry I see:
dn: cn=gaussrun,ou=Group,base
objectClass: posixGroup
objectClass: top
cn: blah
gidNumber: gid
memberUid: blah

How can SSSD work with both memberUid and uniqueMember as well as different object classes for groups? I obviously inherited this LDAP server which we are replacing soon.
Thanks,
Douglas Duckworth, MSc, LFCS HPC System Administrator Scientific Computing Unit Physiology and Biophysics Weill Cornell Medicine E: doug@med.cornell.edu O: 212-746-6305 F: 212-746-8690
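
An added example, not part of the original thread or of SSSD: a small Python audit of an LDIF export that shows which groups a single ldap_group_member / ldap_group_object_class pair can see when a directory mixes memberUid and uniqueMember groups as described above. The sample entries, the dc=example,dc=org base, and the function names are constructed; the model of one object class plus one member attribute per lookup is an assumption.

```python
# Constructed sample LDIF modelled on the two group shapes in the thread;
# every DN, name and number here is a placeholder.
SAMPLE_LDIF = """\
dn: cn=webadmins,ou=webgroups,dc=example,dc=org
objectClass: groupOfUniqueNames
cn: webadmins
uniqueMember: uid=alice,ou=People,dc=example,dc=org

dn: cn=gaussrun,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: gaussrun
gidNumber: 5001
memberUid: alice
memberUid: bob
"""

MEMBER_ATTRS = ("memberuid", "uniquemember", "member")


def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no line folding) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries


def audit_groups(entries, member_attr, object_class):
    """Return (seen, missed) groups for one member attribute and class."""
    seen, missed = [], []
    for e in entries:
        used = [a for a in MEMBER_ATTRS if a in e]
        if not used:
            continue  # no membership attribute at all (e.g. an OU)
        classes = [c.lower() for c in e.get("objectclass", [])]
        ok = member_attr.lower() in used and object_class.lower() in classes
        (seen if ok else missed).append((e["cn"][0], used))
    return seen, missed


if __name__ == "__main__":
    for attr in ("uniqueMember", "memberUid"):
        seen, missed = audit_groups(parse_ldif(SAMPLE_LDIF), attr, "posixGroup")
        print(f"ldap_group_member = {attr}: seen={seen} missed={missed}")
```

Any group listed under "missed" keeps its members in an attribute or object class the chosen settings do not cover, so its membership would need to be migrated or served from a separate domain.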