Iulian,
So, only after I run getent group <group_name> on the ipa clients I can list the user attributes.
This sounds somewhat similar to behavior I ran into initially in our development deployment. For the users that aren't immediately able to be resolved on the clients, are they mapped to any IdM POSIX group via an external membership? For example: ad_user_group_external is mapped to ad_user_group as an external member?
HTH,
John DeSantis
Il giorno mar 11 mag 2021 alle ore 11:10 iulian roman via FreeIPA-users freeipa-users@lists.fedorahosted.org ha scritto:
That was a good hint ! Actually it does return the gid when I run getent group <group_name> . And after I run the getent group <group_name> on the client side, I can run as well id <user_name> . So, only after I run getent group <group_name> on the ipa clients I can list the user attributes. Any idea what needs to be changed in order to have that working without that workaround (obviously i cannot do that for hundred users and thousand clients) ? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure