[389-users] Issues with group names on RHEL6

[harry.devine at faa.gov]

(In my haste to post this, my first email didn't have a subject.  My 
apologies!)


We have been working this problem for two weeks debugging. We have 389-ds 
running and multi-master with 3 RHEL6 servers and a RHEL5. The RHEL5 ldap 
clients authenticate correctly to the RHEL6 389-ds directory server and 
with 'id' command can see all groups a user belongs too. 

The same command in a RHEL6 ldap client using sssd shows ONLY the primary 
group. If we change the ldap clients to point at the RHEL5 389-ds 
directory server the same results occur. The one consistency is any RHEL6 
ldap client we setup will authenticate to either RHEL5 or RHEL6 but the 
entire list of groups that user belongs to do not transfer independent of 
server version. We have enumerate set to true and we have 
ldap_group_member set to uniqueMember. These seems to point to the ldap 
client as RHEL5 client works just fine and both RHEL5 and RHEL6 389-ds 
servers react the same but we're not sure how to correct or is it a bug. 
HELP? 

Thanks!

Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218
Harry.Devine at faa.gov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20131022/fefe4a90/attachment.html>