ipa-client-install should populate /etc/sssd/sssd.conf: ldap_netgroup_search_base = cn=ng,cn=compat,dc=example,dc=com
Currently is neglects to add this configuration thus breaking NIS Netgroup support from "getent netgroup netgroupname"
If we are adding this directive for /all/ ipa client installations, why not change the default for SSSD at the same time, too? Even so, we would probably need to add the directive in ipa-client-install because currently freeIPA requires sssd 1.5.1, but it could be a temporary change only.
I asked about this on #sssd on Friday and the consensus was this was better handled in sssd than IPA. We should in general try to avoid client config file updates because we currently have no way of applying them to already-installed clients.
This is going to be fixed in sssd. Once it makes it into a release we'll set the minimum sssd version to that.
This will be fixed in upstream sssd in 1.5.2
In RHEL it will be fixed in bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=678615 (RHEL5) and https://bugzilla.redhat.com/show_bug.cgi?id=678614 (RHEL6)
Rename component.
Metadata Update from @jraquino: - Issue assigned to jhrozek - Issue set to the milestone: FreeIPA 2.0.2 RC2 (bug fixing)
Login to comment on this ticket.