Hi,
On a CentOS 7 system bound to an AD domain, running sssd 1.16.5-10.el7.
Some groups are not showing up in a users list of groups.
The group in question which is not showing up is a large group with over 5000 members. The Windows Server versions are up to date, so I'm not sure if the Windows 2k 5000 member limit is the issue or not, or whether sssd has a similar max group size limit.
Is there a limitation on either the AD or sssd side for the max number of group members?
Thanks,
Jim
Hi,
On Tue, Nov 29, 2022 at 2:54 AM Jim Burwell jimb@jsbc.cc wrote:
Hi,
On a CentOS 7 system bound to an AD domain,
Single AD domain or multiple/trusted?
running sssd 1.16.5-10.el7.
Latest should be sssd-1.16.5-10.el7_9.13
Some groups are not showing up in a users list of groups.
The group in question which is not showing up is a large group with over 5000 members.
Did you try with `ignore_group_members = true` in the domain section of `sssd.conf`?
The Windows Server versions are up to date, so I'm not sure if the Windows 2k 5000 member limit is the issue or not, or whether sssd has a similar max group size limit.
Is there a limitation on either the AD or sssd side for the max number of group members?
Thanks,
Jim
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On 11/29/22 01:00, Alexey Tikhonov wrote:
Hi,
On Tue, Nov 29, 2022 at 2:54 AM Jim Burwell jimb@jsbc.cc wrote:
Hi, On a CentOS 7 system bound to an AD domain,
Single AD domain or multiple/trusted?
Single domain
running sssd 1.16.5-10.el7.
Latest should be sssd-1.16.5-10.el7_9.13
Yes, haven't tried that one yet because it pulls in some dependencies on our system that need to be manually resolved.
Some groups are not showing up in a users list of groups. The group in question which is not showing up is a large group with over 5000 members.
Did you try with `ignore_group_members = true` in the domain section of `sssd.conf`?
Yes. Didn't make a difference.
The Windows Server versions are up to date, so I'm not sure if the Windows 2k 5000 member limit is the issue or not, or whether sssd has a similar max group size limit. Is there a limitation on either the AD or sssd side for the max number of group members? Thanks, Jim _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
sssd-users mailing list --sssd-users@lists.fedorahosted.org To unsubscribe send an email tosssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it:https://pagure.io/fedora-infrastructure/new_issue
Hi,
On Tue, Nov 29, 2022 at 8:54 PM Jim Burwell jimb@jsbc.cc wrote:
On 11/29/22 01:00, Alexey Tikhonov wrote:
Hi,
On Tue, Nov 29, 2022 at 2:54 AM Jim Burwell jimb@jsbc.cc wrote:
Hi,
On a CentOS 7 system bound to an AD domain,
Single AD domain or multiple/trusted?
Single domain
Do you use `id_provider = ad`? What is the value of `ldap_use_tokengroups` sssd.conf option?
In general, you need to enable `debug_level = 9` in `domain` and `[nss]` sections of sssd.conf and track this lookup in the logs, to see what step missed expected group.
running sssd 1.16.5-10.el7.
Latest should be sssd-1.16.5-10.el7_9.13
Yes, haven't tried that one yet because it pulls in some dependencies on our system that need to be manually resolved.
Some groups are not showing up in a users list of groups.
The group in question which is not showing up is a large group with over 5000 members.
Did you try with `ignore_group_members = true` in the domain section of `sssd.conf`?
Yes. Didn't make a difference.
The Windows Server versions are up to date, so I'm not sure if the Windows 2k 5000 member limit is the issue or not, or whether sssd has a similar max group size limit.
Is there a limitation on either the AD or sssd side for the max number of group members?
Thanks,
Jim
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
sssd-users@lists.fedorahosted.org