Identity Management (IPA) RHEL 6.2 winsync question.

Latest response

Hey all.

 

Sorry if this is the wrong forum to post this question.

 

I have set up an Identity Management server (ipa-server) on rhel 6.2.

I have also installed a Microsoft Windows Server 2008 R2 to try out the replication between theese two.

 

Now i do get users to successfully synchronize between the AD and the IPA domain, however the default group assignment is not working.

 

Example:

I create a user from inside the IPA domain (webb or commandline) and the user is automaticly granted membership in the group "ipausers".

 

I create a user in the Microsoft Active Directory and the user is successfully replicated over to the IPA domain BUT the user is NOT a member of the "ipausers" group.

---

 

The documentation states that there is an attribute called "ipaWinSyncDefaultGroupAttr"

that contains the value of what attribute to read for default group membership.

like this:

ipawinsyncdefaultgroupattr: ipaDefaultPrimaryGroup

 

And the attribute ipaDefaultPrimaryGroup looks to be correct also:

ipaDefaultPrimaryGroup: ipausers

 

So, what should i do? Should I try to post a bug? Has anyone installed this and got it working?

JW
Log in to join the conversation

Responses

MN Red Hat Expert 812 points
27 January 2012 3:50 PM

Hi Johnny

 

The issue you are facing where the AD users synced to IPA are not added as a member of "ipauser" default group.

 

This is a bug.

https://bugzilla.redhat.com/show_bug.cgi?id=785201

 

Regards

Niranjan

JW Community Member 30 points
30 January 2012 8:39 AM

Ahh, ok.

 

Thanks alot for posting that.

 

Regards

Johnny

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.