Reproducer
    # PREPARING
    ipa user-add --first=Test --last=User1 --email=u1@domain.sssd cmt_user_1

    # REPRODUCER
    systemctl daemon-reload
    sudo su -c "truncate -s0 /var/log/sssd/*.log"
    sudo su -c "rm -f /var/lib/sss/db/*"
    sudo su -c "rm -f /var/lib/sss/mc/*"
    sudo systemctl restart sssd.service
    getent passwd cmt_user_1
    ipa group-add cmt_group_1
    ipa group-add-member --users=cmt_user_1 cmt_group_1
    sss_cache -UG
    getent group cmt_group_1

    # CLEANING
    ipa group-del cmt_group_1
    ipa user-del cmt_user_1
Output
    -----------------------
    Added user "cmt_user_1"
    -----------------------
      User login: cmt_user_1
      First name: Test
      Last name: User1
      Full name: Test User1
      Display name: Test User1
      Initials: TU
      Home directory: /home/cmt_user_1
      GECOS: Test User1
      Login shell: /bin/sh
      Kerberos principal: cmt_user_1@BETA
      Email address: u1@domain.sssd
      UID: 1703800077
      GID: 1703800077
      Password: False
      Member of groups: ipausers
      Kerberos keys available: False
    cmt_user_1:*:1703800077:1703800077:Test User1:/home/cmt_user_1:/bin/sh
    -------------------------
    Added group "cmt_group_1"
    -------------------------
      Group name: cmt_group_1
      GID: 1703800078
      Group name: cmt_group_1
      GID: 1703800078
      Member users: cmt_user_1
    -------------------------
    Number of members added 1
    -------------------------
    cmt_group_1:*:1703800078:
    # ^^^ BUG (cmt_user_1 missing)
    ---------------------------
    Deleted group "cmt_group_1"
    ---------------------------
    -------------------------
    Deleted user "cmt_user_1"
    -------------------------
Fields changed
owner: somebody => pcech
Configuration:
    [domain/ldap.beta]
    id_provider = ldap
    auth_provider = ldap
    ldap_schema = rfc2307bis
    ldap_uri = ldaps://algol.beta/
    ldap_search_base = dc=beta
    ldap_user_search_base = cn=users,cn=accounts,dc=beta
    ldap_group_search_base = cn=groups,cn=accounts,dc=beta
    ldap_netgroup_search_base = dc=beta
    ldap_tls_cacert = /etc/ipa/ca.crt
    entry_cache_timeout = 30
    debug_level = 0xFFFF0
    timeout = 50000

    [sssd]
    services = nss, sudo, pam, ssh
    domains = ldap.beta
    debug_level = 0xFFFFFF0

    [nss]
    homedir_substring = /home
milestone: NEEDS_TRIAGE => SSSD 1.14.2
I am not sure if we should expect that the member will be correctly resolved as a member of the group if he/she is added via the FreeIPA server. I will test this case with an AD server, so the LDAP records will be handled in the right way.
status: new => assigned
This is not a bug.
We need authentication in the [domain/ldap.beta] section of sssd.conf:

    ldap_sasl_mech = gssapi
    krb5_server = algol.beta
    krb5_realm = BETA
resolution: => invalid
status: assigned => closed
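The resolution above (an LDAP domain with no bind authentication configured) can be checked for mechanically. The following is an added example, not part of the ticket or of SSSD: it parses sssd.conf text and lists `id_provider = ldap` domains that set neither a SASL mechanism nor simple-bind credentials. The function name and the trimmed sample configs are constructed; `ldap_default_bind_dn` and `ldap_default_authtok` are sssd-ldap options that do not appear on this page.

```python
import configparser

# Constructed sample inputs: the domain section from the ticket, before and
# after the fix given in the closing comment (unrelated options trimmed).
BEFORE = """
[domain/ldap.beta]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_uri = ldaps://algol.beta/
ldap_search_base = dc=beta
"""
AFTER = BEFORE + """ldap_sasl_mech = gssapi
krb5_server = algol.beta
krb5_realm = BETA
"""


def unauthenticated_ldap_domains(conf_text):
    """Return names of id_provider=ldap domains with no bind credentials.

    A domain counts as authenticated if it sets ldap_sasl_mech (SASL bind,
    e.g. GSSAPI) or both ldap_default_bind_dn and ldap_default_authtok
    (simple bind). Anything else is reported.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    flagged = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue  # [sssd], [nss], [pam], ... are not identity domains
        opts = cp[section]
        if opts.get("id_provider", "").strip().lower() != "ldap":
            continue  # ipa/ad providers handle authentication themselves
        sasl = opts.get("ldap_sasl_mech", "").strip()
        simple = (opts.get("ldap_default_bind_dn", "").strip()
                  and opts.get("ldap_default_authtok", "").strip())
        if not sasl and not simple:
            flagged.append(section[len("domain/"):])
    return flagged


if __name__ == "__main__":
    print("before fix:", unauthenticated_ldap_domains(BEFORE))
    print("after fix: ", unauthenticated_ldap_domains(AFTER))
```

The check only reads the text it is given, so snippets under a conf.d directory would need to be merged in before calling it.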
Metadata Update from @pcech:
- Issue assigned to pcech
- Issue set to the milestone: SSSD 1.14.2
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4219
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.