Bug 580402
Summary: | when using sssd, id doesn't show secondary groups | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Espen Stefansen <libbe> |
Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> |
Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 13 | CC: | duffy, jhrozek, sbose, sgallagh, ssorce, tmraz |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-04-12 07:59:38 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Espen Stefansen
2010-04-08 08:04:36 UTC
Ok, this has been a bone of contention in the setup for a while. What's going on here is that your LDAP server is operating in compliance with the RFC2307bis standard, while SSSD assumes by default that it is running with RFC2307. The short answer is: for your deployment, you want to set the variable ldap_schema = rfc2307bis in your [domain/<yourdomain>] section of /etc/sssd/sssd.conf For a little additional information, the difference between the RFC2307bis standard and the RFC2307 standard is this: RFC2307 uses the 'memberUid' attribute to store the name of members RFC2307bis uses the 'member' attribute to store the DN of members (which allows things like nested groups) I have a bug open upstream ( https://fedorahosted.org/sssd/ticket/438 ) to add some additional comments into the sample sssd.conf file that we install to make this more clear. If setting this value resolves your issue, please close this bug. Yep, this fixes my bug. :-) |