On 01/08/2015 08:33 PM, Brendan Kearney wrote:
> i am so close yet so far...
> i have an older env with ldap, kerberos, sasl and sssd using rfc2307.
Are you talking about server or client?
Is your server IPA or something else?
If your server is IPA then if you want to use 2307bis you point clients
to the main user tree.
If you want clients that do not understand 2307bis (for example solaris)
you need to enable compat plugin and point clients to cn=compat.
If SSSD is configured to use 2307bis but server is 2307 or vice versa
SSSD will have problems fetching groups.
> i built a new env with ldap, kerberos, sasl and sssd using
> rfc2307bis.
> i am finding that when i ssh into one of the new boxes and run "id", i
> am only getting back:
> uid=1000(brendan) gid=1000(brendan) groups=1000(brendan)
> the info is all the rfc2307/posix info, and not any of the rfc2307bis
> info. i am a member of several other groups that are groupOfNames
> objects, but the "id" command is not returning them.
> is there a client side config that i am missing, in order to get the
> group memberships of groupOfNames groups? i imagine i could add the
> posixAccount object class to those groupOfNames groups, but wanted to
> make sure that was the only/right way to do things before i did it.
man sssd-ldap
> i am not clueless, just have one clue less...
> brendan
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
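
The schema mismatch described in the reply above can be checked offline against exported group entries. This is an added example, not code from the thread or from the SSSD project. The entries, the `example.com` DNs and the finding names are constructed, and the check assumes the client matches groups on the `posixGroup` object class (the `ldap_group_object_class` default documented in `man sssd-ldap`) and needs a `gidNumber` to present a group as a POSIX group.

```python
# Constructed LDIF-style group entries (not taken from the thread).
SAMPLE = """\
dn: cn=brendan,ou=groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 1000

dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=brendan,ou=people,dc=example,dc=com

dn: cn=legacy,ou=groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 2000
memberUid: brendan
"""

def parse_entry(block):
    """Parse one simple 'attr: value' block into {attr_lowercase: [values]}."""
    entry = {}
    for line in block.strip().splitlines():
        key, _, value = line.partition(":")
        entry.setdefault(key.strip().lower(), []).append(value.strip())
    return entry

def membership_style(entry):
    """rfc2307bis stores member DNs in 'member'; rfc2307 stores names in 'memberUid'."""
    if entry.get("member"):
        return "rfc2307bis"
    if entry.get("memberuid"):
        return "rfc2307"
    return "unknown"

def audit(entries, ldap_schema, group_object_class="posixGroup"):
    """Return (dn, finding) pairs for groups a client with this config may not resolve."""
    findings = []
    for e in entries:
        dn = e["dn"][0]
        style = membership_style(e)
        if style not in ("unknown", ldap_schema):
            findings.append((dn, "schema-mismatch"))
        classes = {c.lower() for c in e.get("objectclass", [])}
        # Assumption: the client filters on this object class and needs a gidNumber.
        if group_object_class.lower() not in classes or not e.get("gidnumber"):
            findings.append((dn, "not-posix"))
    return findings

ENTRIES = [parse_entry(b) for b in SAMPLE.strip().split("\n\n")]

if __name__ == "__main__":
    for schema in ("rfc2307", "rfc2307bis"):
        print(schema, audit(ENTRIES, schema))
```

The parser handles only plain `attr: value` lines, so base64-encoded (`::`) or folded LDIF values need a real LDIF reader.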