Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=878583 (Red Hat Enterprise Linux 6)
Description of problem:
With IPA Trust environment, AD User secondary group membership is not shown by
commands like id and getent. Only the primary (mapped) private user group is
On the AD side, "testuser" is a member of "Domain Users" and "testgroup"
groups. However, this does not reflect when `id` is run against "testuser":
[root@ipaserver1 ~]# su - email@example.com
The groups exist:
[root@ipaserver1 ~]# getent group AD\\testgroup
[root@ipaserver1 ~]# getent group AD\\'Domain Users'
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Setup IPA Server
2. Setup AD Server, add 2 groups, add user, add user to 2 new groups
4. ipa trust-add <addomain> --admin Administrator --password
5. id <aduser@addomain>
Does not show secondary AD Groups.
Shows all AD Groups?
design_review: => 0
owner: somebody => sbose
status: new => assigned
testsupdated: => 0
milestone: NEEDS_TRIAGE => SSSD 1.9.4
patch: 0 => 1
The ticket was fixed in the same patchset as ticket #1672. The patches were:
resolution: => fixed
status: assigned => closed
Metadata Update from @pbrezina:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.4
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.