Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/sssd/ticket/2571 When a client is a member of a non-default view, the initgroups operation for IPA users currently doesn't work well, because we don't store the overrideDN attributes automagically.
Fixed upstream: * master: * b2c3722b9a1eaf265f6b102043958f6d4378788c * 108db0e3b9e06e530364ef8228634f5e3f6bd3b5 * sssd-1-12: * d18bd28fb09f104e2b13382c430247cad731f867 * 74d708790a202b78242bd2951178f0a2483327be
* With un patched version [root@loki ~]# rpm -q sssd sssd-1.12.2-52.el7.x86_64 On Client [root@loki ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start [root@loki ~]# id tuser uid=1629000008(tuser) gid=1629000008(tuser) groups=1629000008(tuser),1629000010(group2),1629000009(grp1) On Server [root@django ~]# ipa idview-add bugview ----------------------- Added ID View "bugview" ----------------------- ID View Name: bugview [root@django ~]# ipa idview-apply bugview --hosts loki.ipanew.test ------------------------- Applied ID View "bugview" ------------------------- hosts: loki.ipanew.test --------------------------------------------- Number of hosts the ID View was applied to: 1 --------------------------------------------- [root@django ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start On Client [root@loki ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start [root@loki ~]# id tuser uid=1629000008(tuser) gid=1629000008(tuser) groups=1629000008(tuser) * Verified in fixed version [root@bumblebee ~]# rpm -q sssd sssd-1.12.2-55.el7.x86_64 [root@bumblebee ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start [root@bumblebee ~]# id ipauser1 uid=1707800004(ipauser1) gid=1707800004(ipauser1) groups=1707800004(ipauser1),1707800007(ipagroup2),1707800006(ipagroup1) On Server [root@vm-idm-019 ~]# ipa idview-show hostview ID View Name: hostview [root@vm-idm-019 ~]# ipa idview-apply hostview --hosts bumblebee.ipaviews.test -------------------------- Applied ID View "hostview" -------------------------- hosts: bumblebee.ipaviews.test --------------------------------------------- Number of hosts the ID View was applied to: 1 --------------------------------------------- [root@vm-idm-019 ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start On Client [root@bumblebee ~]# service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start [root@bumblebee ~]# id ipauser1 uid=1707800004(ipauser1) gid=1707800004(ipauser1) groups=1707800004(ipauser1),1707800007(ipagroup2),1707800006(ipagroup1)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0441.html