-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/12/2010 11:01 AM, Sergei V. Kovylov wrote:
Stephen, you are right 1.3.1 is working version too. I have made some experiment and found out that:
- The behaviour of sssd (1.3.1) depends on how to create OU on LDAP
server. If OU with groups is created after all users' OUs then sssd gets everything correctly. Example: correct sequence: ou=MCC (users) ou=HMC (users) ou=GROUP-ACCESS (groups)
incorrect sequence: ou=GROUP-ACCESS (groups) ou=MCC (users) ou=HMC (users)
- sssd 1.4.x doesn't work even with correct sequence of OU creation
(see above). 3. if I remove GRP-SVC-SSH-NODE from GRP-SVC-SSH-NODE and recreate membership back then sssd will see members of GRP-SVC-SSH-NODE in GRP-SVC-SSH-NODE group but untill new installation or reinstallation of sssd.
Sorry it's taken me so long to reply. I've been able to reproduce the problem and I'm working on fixing it right now.
I have opened https://fedorahosted.org/sssd/ticket/683 to track the problem.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/