Most of our groups are memberUid not uniqueMember so I added this to sssd.conf:

ldap_group_member = memberUid

"id user" now returns all groups!  So this is now working!  


Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: doug@med.cornell.edu
O: 212-746-6305
F: 212-746-8690

On Thu, Mar 2, 2017 at 8:16 AM, Douglas Duckworth <dod2014@med.cornell.edu> wrote:
Hello

I am experiencing the issue described in this article https://access.redhat.com/solutions/49876 though we already have ldap_group_member = uniqueMember defined in sssd.conf.

User's primary group membership is shown by using getent user though getent group does not show group members. I thought I was finished tuning sssd.conf though this became an issue yesterday.  Members of this listserv have been extremely helpful and so I owe much of my progress to this great community.

Anyway, I think the problem's with my schema.

In LDAP I see:

dn: ou=webgroups,base
objectClass: organizationalUnit
ou: webgroups

dn: cn=groups,ou=webgroups,base
objectClass: top
objectClass: groupOfUniqueNames
cn: blah
uniqueMember: uid=blah

This makes me think we're using rfc2307 though below this entry I see:

dn: cn=gaussrun,ou=Group,base
objectClass: posixGroup
objectClass: top
cn: blah
gidNumber: gid
memberUid: blah

How can SSSD work with both memberUid and uniqueMember as well as different object classes for groups?  I obviously inherited this LDAP server which we are replacing soon.

Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
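
Added example, not part of either message above and not SSSD code: a small Python audit of an LDIF export showing which group entries a single ldap_group_member value would cover, since SSSD reads one membership attribute per domain. The sample LDIF, DNs and function names are constructed for illustration.

```python
# Constructed sample, shaped like the two entry styles quoted in the thread.
SAMPLE_LDIF = """\
dn: cn=webadmins,ou=webgroups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: webadmins
uniqueMember: uid=alice,ou=People,dc=example,dc=com

dn: cn=gaussrun,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: gaussrun
gidNumber: 5001
memberUid: alice
memberUid: bob
"""

MEMBER_ATTRS = ("memberuid", "uniquemember", "member")

def parse_ldif(text):
    """Minimal LDIF reader: joins folded lines, splits entries on blank lines.
    Base64 values ('attr:: ...') are kept undecoded."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_groups(entries):
    """Summarise, per entry, which membership attribute it uses."""
    return [{
        "dn": e["dn"][0],
        "object_classes": sorted(c.lower() for c in e.get("objectclass", [])),
        "member_attrs": [a for a in MEMBER_ATTRS if a in e],
        "has_gid": "gidnumber" in e,  # no gidNumber means no POSIX GID to report
    } for e in entries]

def members_visible(report, group_member_attr):
    """DNs whose members one ldap_group_member value would pick up."""
    attr = group_member_attr.lower()
    return [r["dn"] for r in report if attr in r["member_attrs"]]

if __name__ == "__main__":
    report = audit_groups(parse_ldif(SAMPLE_LDIF))
    for attr in ("uniqueMember", "memberUid"):
        print(attr, "->", members_visible(report, attr))
```

Run against a real export, the entries missing from the chosen attribute's list are the groups whose members getent group will not show under that setting.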