Ticket was cloned from Red Hat Bugzilla: Bug 1688267
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
While using POSIX ID mapping with an IPA/AD trust, auto_private_groups is not working as expected.

===
# ipa trust-add --type=ad lab.domain.com --admin administrator --password --range-type=ipa-ad-trust-posix
Active Directory domain administrator's password:

# id kushal@lab.domain.com
uid=10000(kushal@lab.domain.com) gid=10000 groups=10000,10020(domain users@lab.domain.com)
===

If I do not use POSIX attributes:

# ipa trust-add --type=ad lab.domain.com --admin administrator --password --range-type=ipa-ad-trust

# id kushal@lab.domain.com
uid=672401109(kushal@lab.domain.com) gid=672401109(kushal@lab.domain.com) groups=672401109(kushal@lab.domain.com),815100004(ad_admins),672400513(domain users@lab.domain.com)

I have opened this Bugzilla based on the suggestion from Jakub: https://bugzilla.redhat.com/show_bug.cgi?id=1649464#c3

Reference BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1649464
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1688267
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/5712
master:
ipa-4-9:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @abbra: - Custom field changelog adjusted to A new option was added to define how private groups are represented in ID ranges of trusted Active Directory domains. More details can be found in the design document: https://freeipa.readthedocs.io/en/latest/designs/adtrust/auto-private-groups.html - Custom field design adjusted to https://freeipa.readthedocs.io/en/latest/designs/adtrust/auto-private-groups.html