Hi
sorry for coming back late
one correction that, it's ok to define a long group name in "cn" of
objectClass posixGroup, it won't lead any issue when login the user via
sssd ldap integration.
but have the otherthing want to confirm:
i set the "ldap_group_name = description", and set the value of
"desciption" different with "cn", for example:
cn=my-testing-group-at-world-wide-space
description=test-group
the command "id nick" output:
uid=15001(nick) gid=20000(my-testing-group-at-world-wide-space)
groups=20000(my-testing-group-at-world-wide-space)
it still use the value of "cn"
but, if i set
access_provider = simple
# specify the long group name (as in 'cn')
simple_allow_groups = my-testing-group-at-world-wide-space
the usre 'nick' can't login (with error message incorrect password)
if i set to
access_provider = simple
# specify short group name (as in 'description')
simple_allow_groups = test-group
the user 'nick' can login now.
so looks like there is some mismatch.
Thanks & Best Regards!
///
(. .)
--------ooO--(_)--Ooo--------
| Nick Tan |
------------------------------------
On Mon, Aug 4, 2014 at 8:48 PM, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
On Sat, Aug 02, 2014 at 07:28:53AM +0800, XuQing Tan wrote:
> Hi
>
> i set the ldap_group_name = description in the sssd domain section. (i
want
> to map to 'description' rather than 'cn')
> i cleaned the sssd cache file and restart sssd service
> when i typed "id <user_id>", it still displayed the groupname as the
"cn"
>
> i'm using sssd 1.9.2 on CentOS 6.3:
> [root]# rpm -qa|grep sssd
> sssd-client-1.9.2-129.el6_5.4.x86_64
> sssd-1.9.2-129.el6_5.4.x86_64
>
> is it a defect?
Hard to tell without seeing the configuration and domain and sssd logs
with debug_level=6 or higher.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users