Hello everybody,
I try to override some uid and gid for AD users in Idm (I added all users for which I need to override attributes in Default Trust View) and although everything works properly on both IdM server and replica, I cannot query the users on the ipa clients. Any other users (which are not part of the Default Trust View) are visible and groups displayed correctly on ipa clients. So far, I have removed cache on both ipa server and client, restarted sssd , removed /var/lib/sss/db/* but no success. I have enabled debugging as well for sss, nss , but nothing relevant . The odd thing is that sometimes I could query some of the users for which override was configured , but I do not know why (I tried to correlate with the group membership, number of groups the user is member of, etc but unsuccessfully ). On the ipa clients the sssd version I use is 1.16.1 and on the ipa server sssd version is 2.3.0 . Can that make a difference or be the cause of the issue ?
Any hint where I should look into would be really appreciated.