Hello!

I have a problem with getting the groups list for a user in LDAP:

[sssd[be[DOMAIN_GROUP2]]] [sdap_initgr_rfc2307bis_next_base] (0x0400): Searching for parent groups for user [uid=hwadmin_sssd,ou=users,dc=my,dc=domain] with base [ou=groups,dc=my,dc=domain]
[sssd[be[DOMAIN_GROUP2]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(memberUid=uid=hwadmin_sssd,ou=users,dc=my,dc=domain)(objectClass=posixGroup)(cn=*))][ou=groups,dc=my,dc=domain].

As seen above, SSSD tries to search groups with a filter where memberUid = <fullDN>, but this is not correct. It should search for:

(&(memberUid=hwadmin_sssd)(objectClass=posixGroup)(cn=*))

My config is:

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = ,DOMAIN_GROUP2
override_homedir = /home/%u

[domain/default]
debug_level = 7

[domain/DOMAIN_GROUP2]
autofs_provider = ldap
cache_credentials = False
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://172.20.47.115:389
ldap_schema = rfc2307bis
ldap_default_bind_dn = uid=sssd,ou=ServiceAccounts,dc=my,dc=domain
ldap_default_authtok = password
ldap_group_member = memberUid
#ldap_use_tokengroups = false
# TLS/SSL
ldap_tls_reqcert = never
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
# SEARCH BASE
ldap_search_base = dc=my,dc=domain
ldap_user_search_base = ou=users,dc=my,dc=domain
ldap_group_search_base = ou=groups,dc=my,dc=domain
#ldap_group_object_class = groupOfNames
# FILTER
access_provider = ldap
ldap_access_filter = (memberOf=cn=HWS_ADMINS,ou=groups,dc=my,dc=domain)
override_gid = 1001
override_shell = /bin/bash
skel_dir=/etc/skel_ptk/
debug_level = 7

[nss]
homedir_substring = /home
debug_level = 7

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]
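
Added example (not part of the original message): a small Python check for the symptom described above. It scans SSSD debug log lines for ldap_search_ext filters whose memberUid assertion carries a full DN instead of a bare login name. The first two sample lines come from the post, the third is constructed for contrast, and the function and regex names are this example's own.

```python
import re

# Matches the SSSD debug line that logs the LDAP search filter and search base.
SEARCH_RE = re.compile(
    r"calling ldap_search_ext with \[(?P<filter>.*)\]\[(?P<base>[^\]]*)\]")
# One simple (attr=value) assertion inside a filter string.
ASSERT_RE = re.compile(r"\((?P<attr>[A-Za-z][\w;-]*)=(?P<value>[^()]*)\)")
# A value shaped like a DN: at least two comma-separated attr=value RDNs.
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)+$")

SAMPLE_LOG = [
    # Lines 1-2: from the post. Line 3: constructed, shows the expected filter.
    "[sssd[be[DOMAIN_GROUP2]]] [sdap_initgr_rfc2307bis_next_base] (0x0400): "
    "Searching for parent groups for user "
    "[uid=hwadmin_sssd,ou=users,dc=my,dc=domain] "
    "with base [ou=groups,dc=my,dc=domain]",
    "[sssd[be[DOMAIN_GROUP2]]] [sdap_get_generic_ext_step] (0x0400): "
    "calling ldap_search_ext with "
    "[(&(memberUid=uid=hwadmin_sssd,ou=users,dc=my,dc=domain)"
    "(objectClass=posixGroup)(cn=*))][ou=groups,dc=my,dc=domain].",
    "[sssd[be[DOMAIN_GROUP2]]] [sdap_get_generic_ext_step] (0x0400): "
    "calling ldap_search_ext with "
    "[(&(memberUid=hwadmin_sssd)(objectClass=posixGroup)(cn=*))]"
    "[ou=groups,dc=my,dc=domain].",
]


def dn_valued_memberuid(log_lines):
    """Return (line_no, search_base, value) for every logged search whose
    memberUid assertion holds a DN rather than a bare login name."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = SEARCH_RE.search(line)
        if not m:
            continue  # not a search line (e.g. the "Searching for parent groups" line)
        for a in ASSERT_RE.finditer(m.group("filter")):
            if a.group("attr").lower() == "memberuid" and DN_RE.match(a.group("value")):
                hits.append((no, m.group("base"), a.group("value")))
    return hits


if __name__ == "__main__":
    for no, base, value in dn_valued_memberuid(SAMPLE_LOG):
        print(f"line {no}: memberUid searched with a DN ({value}) under {base}")
```
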