Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1118670
Description of problem: AD uesrs in posix group, added to a netgroup are not resolvable in that netgroup Version-Release number of selected component (if applicable): ipa-server-3.3.3-28.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Add Trust with an AD server 2. Create an external group and add AD users to that group # ipa group-add adusers_ext --external # ipa group-add-member adusers_ext --external=aduser1@adtest.qe,aduser1@pune.adtest.qe 3. Create a Posix groups and add external group as member # ipa group-add adusers_grp --desc "internal grp" # ipa group-add-member adusers_grp --groups=adusers_ext 4. Create a netgroup and add the posix group as member # ipa netgroup-add ng001 --desc="testing ng" # ipa netgroup-add-member --group=adusers_grp ng001 5. Add a ipa user as a memeber of the netgroup # ipa netgroup-add-member --user=ipahttpuser1 ng001 6. Do getent for that netgroup # service sssd stop; rm -rf /var/lib/sss/{db,mc}/*; service sssd start Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service # getent netgroup ng001 ng001 (-,ipahttpuser1,steeve06171722.test) Actual results: AD users are not resolved when getent netgroup is rung. IPA user is resovled. [root@hp-ms-01-c40 ~]# getent netgroup ng001 ng001 (-,ipahttpuser1,steeve06171722.test) Expected results: AD users should also be resolved Additional info:
This will require a change in slapi-nis. Alexander plans to look at it when working on Views (or delegate to sb else).
There was no time for this ticket in 4.1 - moving to later release.
Same as #4403. This would require some serious work in slapi-nis. It may be a potential target after Global Catalog work (#3125).
Metadata Update from @dpal: - Issue assigned to abbra - Issue set to the milestone: FreeIPA 4.5 backlog
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.