I'm using the 2307 schema on the server. The sssd config is fairly
#cache_credentials = True
ldap_search_base = dc=myexample,dc=com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://server_url/
tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_default_bind_dn = xxxxxxx
ldap_default_authtok_type = password
ldap_default_authtok = xxxxxxx
services = nss, pam
config_file_version = 2
domains = default
#filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
I found this ticket which reports a similar problem, but, according to the
comments, it should be fixed for one of the versions I'm using (1.11.6):
Thanks for the help,
On Wed, Nov 26, 2014 at 11:35 AM, Dmitri Pal <dpal(a)redhat.com> wrote:
On 11/26/2014 12:37 PM, Octavian Afilipoai wrote:
Is this a known issue? Does anybody have a solution for this?
I thought there was a ticket about this in SSSD but I can't find it.
I vaguely remember that there was something a couple of years ago.
What is your server schema? 2307? Or 2307bis?
How do you configure SSSD?
On Thu, Nov 20, 2014 at 4:13 PM, Octavian Afilipoai <oafilipoai(a)gmail.com>
> I'm trying to include a user "local" defined in /etc/passwd in an LDAP
> group called "test" by adding a memberUid in the group definition.
> With the getent command I see the change:
> >getent group test
> However when I run the id command for user local the group test is not
> shown. Only the locally defined group "local" is listed. Also accessing
> resources which require membership to group test fails.
> >id local
> uid=1000(local) gid=1000(local) groups=1000(local)
> I don't have this issue with users defined on the ldap server (the id
> command lists all the groups they are members of). The behavior is the same
> with sssd 1.11.6 on CentOS 6.6 and sssd 1.9.2 on CentOS 6.5.
> On different machines (CentOS 5.x and Debian Wheezy) the local user
> shows up with the correct ldap groups, but those systems don't use sssd to
> bind to the ldap server.
> The version of the server is OpenLDAP 2.4.31
> Is there anything in the configuration file which would enable this
> behavior with sssd? Any help is appreciated.
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
sssd-users mailing list
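
An added diagnostic sketch, not part of the original thread or of SSSD: it reproduces the comparison described above between the group member list (`getent group test`) and the initgroups result (`id local`), which is what access checks actually use. The sample data is constructed; gid 5000 for group "test" is an assumption, since the thread does not show the `getent` output.

```python
import grp
import os
import pwd


def groups_naming_member(user, group_entries):
    """Groups whose member list names the user (the `getent group` view)."""
    return {name for name, _gid, members in group_entries if user in members}


def groups_from_initgroups(gids, group_entries):
    """Translate an initgroups gid list (the `id` view) into group names."""
    by_gid = {gid: name for name, gid, _members in group_entries}
    return {by_gid.get(gid, str(gid)) for gid in gids}


def membership_gap(user, gids, group_entries):
    """Groups that list the user as a member but are missing from initgroups."""
    listed = groups_naming_member(user, group_entries)
    effective = groups_from_initgroups(gids, group_entries)
    return sorted(listed - effective)


def live_gap(user, group_names):
    """Same comparison on this host, for the named groups only.

    Groups are looked up by name (as `getent group NAME` does) because SSSD
    does not enumerate LDAP groups unless `enumerate = true` is set.
    """
    entries = []
    for name in group_names:
        try:
            g = grp.getgrnam(name)
        except KeyError:
            continue  # group not resolvable through NSS at all
        entries.append((g.gr_name, g.gr_gid, list(g.gr_mem)))
    primary_gid = pwd.getpwnam(user).pw_gid
    return membership_gap(user, os.getgrouplist(user, primary_gid), entries)


# Constructed sample mirroring the report: "test" names "local" as a member,
# but `id local` returns only gid 1000. The gid 5000 is an assumption.
SAMPLE_GROUPS = [("local", 1000, []), ("test", 5000, ["local"])]
SAMPLE_ID_GIDS = [1000]

if __name__ == "__main__":
    print(membership_gap("local", SAMPLE_ID_GIDS, SAMPLE_GROUPS))
```

On an affected host, `live_gap("local", ["test"])` returning a non-empty list confirms the mismatch reported in the thread.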