sssd - ldap uid/gid does not match with uid/gids in the openLDAP DS




CentOS 6.4 (amd64) client desktop with SSSD installed+configured to do
LDAP AUTH from an openLDAP DS.

Groups in LDAP DS  -- dsusers (for all users), project1, project2, ....

The objective is to give group permissions to directory trees with
users belonging to various groups; users thereby inheriting the ACL
given to respective groups.

Test case --
uid: jdoe,
gid: dsusers (primary)

On LDAP client workstation - id jdoe shows uid+gid as above.

Then I add uid jdoe to the 'project1'  group in the openLDAP DS.

On the client workstation -  id jdoe shows member of 'dsusers' only.

Thinking it could be due to local cache, I have deleted the files in
/var/lib/sss/db/ and still id jdoe reports member of dsusers only.

I have also waited > 5 mins. expecting the client side cache to be
updated but still the same issue.  jdoe does not show up as member of
project1.

In order for jdoe to show up as member of 'project1' group, I have to
restart sssd.

In sssd.conf, in the domain section enumerate=FALSE.

I would appreciate any pointers to shorten the client side updates
regarding uid+gid association.

TIA.
-- 
Arun Khan
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



