Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1030699
Description of problem: Running the id command for AD user on an IPA client does not show all of the group memberships as shown on an IPA server. MASTER: [root@nightcrawler ~]# id 'ADLABS\aduser1' uid=1436801369(aduser1@adlabs.com) gid=1436801369(aduser1@adlabs.com) groups=1436801369(aduser1@adlabs.com),1436800513(domain users@adlabs.com),1436801883(adgroup1@adlabs.com) REPLICA: [root@apollo ~]# id 'ADLABS\aduser1' uid=1436801369(aduser1@adlabs.com) gid=1436801369(aduser1@adlabs.com) groups=1436801369(aduser1@adlabs.com),1436800513(domain users@adlabs.com),1436801883(adgroup1@adlabs.com) CLIENT: [root@qe-blade-04 ~]# id 'ADLABS\aduser1' uid=1436801369(aduser1@adlabs.com) gid=1436801369(aduser1@adlabs.com) groups=1436801369(aduser1@adlabs.com) Version-Release number of selected component (if applicable): How reproducible: seen frequently in automated tests. However, in one instance, after logging into the server, I saw same results as expected. Steps to Reproduce: 0. have access to AD with user aduser 1. ipa-server-install # on server 2. ipa-client-install # on client 3. ipa-adtrust-install # on server 4. ipa trust-add # on server 5. id 'AD\aduser' # on both Actual results: 5. id shows different group lists for server and client. client is missing groups. Expected results: 5. same group list shown on client as on server. Additional info:
SSSD part of this effort is tracked by https://fedorahosted.org/sssd/ticket/2159 .
Requires SSSD ticket which was not started yet, moving to further release.
This will not fit into 4.0 GA, moving to Needs triage to decide (Sumit planned to do both FreeIPA and SSSD parts) what is the right milestone.
This features might be influenced by the user-views depending on which data the server sends back to the client. So I would suggest to do it together with the view or in the release following the views.
Moving to the same milestone as where views are.
Sumit submitted a patch 130.
master:
ipa-4-1:
Metadata Update from @mkosek: - Issue assigned to sbose - Issue set to the milestone: FreeIPA 4.1
Login to comment on this ticket.