Bug 924937
Summary: | Attribute "dsOnlyMemberUid" not allowed when syncing nested posix groups from AD with posixWinsync | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Ján Rusnačko <jrusnack> |
Component: | 389-ds-base | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | unspecified | Docs Contact: | |
Priority: | low | ||
Version: | 7.1 | CC: | nhosoi, nkinder, sramling, vashirov |
Target Milestone: | rc | ||
Target Release: | 7.1 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 389-ds-base-1.3.3.1-1.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-05 09:30:26 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ján Rusnačko
2013-03-22 21:15:14 UTC
Upstream ticket: https://fedorahosted.org/389/ticket/47310 $ rpm -qa | grep 389 389-ds-base-debuginfo-1.3.3.1-11.el7.x86_64 389-ds-base-libs-1.3.3.1-11.el7.x86_64 389-ds-base-1.3.3.1-11.el7.x86_64 Using test case bug847868_13 I added posix groups on AD: dn: CN=adg_posix_t13_00,OU=adsync,DC=adrelm,DC=com objectClass: top objectClass: posixGroup objectClass: group cn: adg_posix_t13_00 member: CN=adg_posix_t13,OU=adsync,DC=adrelm,DC=com distinguishedName: CN=adg_posix_t13_00,OU=adsync,DC=adrelm,DC=com instanceType: 4 whenCreated: 20150119021429.0Z whenChanged: 20150119021429.0Z uSNCreated: 32944 uSNChanged: 32947 name: adg_posix_t13_00 objectGUID:: I0ToPFoDcEi46e5tB9O2tA== objectSid:: AQUAAAAAAAUVAAAAiiwF82aDDckPUPdEmwQAAA== sAMAccountName: adg_posix_t13_00 sAMAccountType: 268435457 groupType: 2 objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=adrelm,DC=com dSCorePropagationData: 16010101000000.0Z gidNumber: 3933 Corresponding entry in DS after sync: dn: cn=adg_posix_t13_00,ou=People,dc=example,dc=com objectclass: top objectclass: groupofuniquenames objectclass: ntGroup objectclass: posixGroup objectclass: dynamicGroup ntGroupDeleteGroup: true cn: adg_posix_t13_00 uniqueMember: cn=adg_posix_t13,ou=People,dc=example,dc=com ntUserDomainId: adg_posix_t13_00 ntGroupType: 2 ntUniqueId: 2344e83c5a037048b8e9ee6d07d3b6b4 gidNumber: 3933 dsOnlyMemberUid: adu_posix_t13 memberUid: adu_posix_t13 objectClass dynamicGroup was added to allow dsOnlyMemberUid attribute, no errors in the error log. Marking as VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html |