Bug 995389
Summary: | sssd don't get some nested groups users | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Baptiste AGASSE <baptiste.agasse> | ||||||
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 7.0 | CC: | baptiste.agasse, dpal, fweimer, grajaiya, jgalipea, lslebodn, mkosek, pbrezina | ||||||
Target Milestone: | rc | ||||||||
Target Release: | --- | ||||||||
Hardware: | x86_64 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | sssd-1.12.1-1.el7 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2015-03-05 10:27:13 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 1101751 | ||||||||
Attachments: |
|
Description
Baptiste AGASSE
2013-08-09 08:54:23 UTC
Hello Baptiste, I tried to reproduce the issue, configured IPA 3.0 and sssd 1.9.2-87.7, following user configuration: group1: user1, user2 group2: user3, user4 group3: user5, group1, group2 [root@vm-178 ~]# getent group group1 group1:*:669200026:user1,user2 [root@vm-178 ~]# getent group group2 group2:*:669200027:user3,user4 [root@vm-178 ~]# getent group group3 group3:*:669200028:user3,user1,user5,user4,user2 [root@vm-178 ~]# id user1 uid=669200032(user1) gid=669200032(user1) groups=669200032(user1),669200028(group3),669200026(group1) [root@vm-178 ~]# id user2 uid=669200033(user2) gid=669200033(user2) groups=669200033(user2),669200028(group3),669200026(group1) [root@vm-178 ~]# id user3 uid=669200034(user3) gid=669200034(user3) groups=669200034(user3),669200028(group3),669200027(group2) I am not able to reproduce your issue, could you provide your sssd.conf and LDIF for this case? If I understand this correctly, some of the groups are non-posix, but it's not clear from your report which ones. Created attachment 790346 [details]
Users and groups diagram
Created attachment 790347 [details]
sssd config file
Hi, Sorry for the delay, I was on vacation. since a diagram is worth a thousand words, in addition to the sssd's configuration, i've attached an users and groups diagram. Hi Baptiste, There are planned improvements in nested groups handling, in the meantime, is there some essential reason for you not to use posix group? Or as a workaround, you could create posix group which would mirror the non-posix group. No essential reason, it's just some groups that only used in IPA in order to manage rights more easily. I will convert these groups to posix groups. Upstream ticket: https://fedorahosted.org/sssd/ticket/2286 This was fixed in 1.12.1 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0441.html |