We have been working on this problem for two weeks, debugging. We have
389-ds running in multi-master with 3 RHEL6 servers and a RHEL5. The RHEL5
ldap clients authenticate correctly to the RHEL6 389-ds directory server,
and with the 'id' command we can see all groups a user belongs to.

The same command on a RHEL6 ldap client using sssd shows ONLY the primary
group. If we change the ldap clients to point at the RHEL5 389-ds directory
server, the same results occur. The one consistency is that any RHEL6 ldap
client we set up will authenticate to either RHEL5 or RHEL6, but the entire
list of groups that user belongs to does not transfer, independent of server
version. We have enumerate set to true and we have ldap_group_member set to
uniqueMember. This seems to point to the ldap client, as the RHEL5 client
works just fine and both RHEL5 and RHEL6 389-ds servers react the same, but
we're not sure how to correct it or whether it is a bug. HELP?
Common ARTS Software Development