Re: (no subject)

harry.devine@xxxxxxx wrote:

We tried that and, sadly, it made no difference.  In fact, we get LESS
information than before.  It appears as though we get the main group,
and it does not know how to dig further to get the sub-groups and group
members.  Also, we found that our ldap_group_member is called
uniqueMember and not memberUid.  Perhaps that's unique to your
installation?

Any other ideas?  Should we post our sssd.conf?

You may want to cross-post this on the sssd-users mailing list, https://lists.fedorahosted.org/mailman/listinfo/sssd-users

rob


Thanks,
Harry

Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218
Harry.Devine@xxxxxxx


From: 	Justin Edmands <shockwavecs@xxxxxxxxx>
To: 	"General discussion list for the 389 Directory server project."
<389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Date: 	10/22/2013 10:22 AM
Subject: 	Re:  (no subject)
Sent by: 	389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx


------------------------------------------------------------------------



On Tue, Oct 22, 2013 at 9:51 AM, <harry.devine@faa.gov> wrote:

We have been working this problem for two weeks debugging. We have
389-ds running and multi-master with 3 RHEL6 servers and a RHEL5. The
RHEL5 ldap clients authenticate correctly to the RHEL6 389-ds directory
server and with the 'id' command can see all groups a user belongs to.

The same command in a RHEL6 ldap client using sssd shows ONLY the
primary group. If we change the ldap clients to point at the RHEL5
389-ds directory server the same results occur. The one consistency is
any RHEL6 ldap client we set up will authenticate to either RHEL5 or
RHEL6 but the entire list of groups that user belongs to does not transfer
independent of server version. We have enumerate set to true and we have
ldap_group_member set to uniqueMember. This seems to point to the ldap
client as RHEL5 client works just fine and both RHEL5 and RHEL6 389-ds
servers react the same but we're not sure how to correct or is it a bug.
HELP?

Thanks!

Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218
Harry.Devine@faa.gov
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


I had the same issue. SSSD needs to be told where to pull these from.

I had to add this to the global section of the sssd.conf (you may need
to disable all caching devices as well. They will hold the old "id" lookups)

ldap_group_member = memberUid
ldap_group_search_base = ou=<your group here>,dc=sagedining,dc=com
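
Added example, not part of the original thread and not SSSD or 389-ds code: the messages above disagree on whether group membership lives in uniqueMember or memberUid, so this sketch reads exported group entries and reports which attribute is in use and whether its values are DNs or bare names. The ldap_schema option (rfc2307 lists members by name, rfc2307bis by DN) is a real SSSD setting that the thread does not mention; pairing it with ldap_group_member is an assumption brought in here, and the LDIF, DNs and function names are constructed.

```python
import base64
import re

# Constructed sample LDIF (not from the thread): one group per membership style.
SAMPLE_LDIF = """\
dn: cn=devs,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
objectClass: posixGroup
cn: devs
gidNumber: 5001
uniqueMember: uid=alice,ou=People,dc=example,dc=com
uniqueMember: uid=bob,ou=People,
 dc=example,dc=com

dn: cn=ops,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: ops
gidNumber: 5002
memberUid: alice
"""

MEMBER_ATTRS = {"memberuid", "member", "uniquemember"}
DN_LIKE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)+$")

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; handles folded and base64 lines."""
    text = re.sub(r"\n ", "", text)  # undo LDIF line folding
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs.setdefault(name, []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def suggest_sssd(attrs):
    """Return the ldap_group_member / ldap_schema pair matching a group entry."""
    for attr, values in attrs.items():
        if attr.lower() in MEMBER_ATTRS:
            by_dn = all(DN_LIKE.match(v) for v in values)  # DN vs. bare name
            return {"ldap_group_member": attr,
                    "ldap_schema": "rfc2307bis" if by_dn else "rfc2307"}
    return None  # no membership attribute on this entry

if __name__ == "__main__":
    print({dn: suggest_sssd(a) for dn, a in parse_ldif(SAMPLE_LDIF)})
```

Feed it the output of an ldapsearch against the group container; a result that differs from what sssd.conf declares is the first thing to reconcile before looking at caches.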