Why is secondary group membership not returned correctly by sssd-ldap after update to sssd 1.12.2-58.el7_1.14 in Red Hat Enterprise Linux 7?
Issue
- After updating from
SSSD 1.12.2-58.el7_1.6
to1.12.2-58.el7_1.14
many LDAP group memberships become invalid or missing. - If
SSSD
version restored to previous version then complete list of group members is resolved correctly. - On system with
sssd 1.12.2-58.el7_1.14
$ id testuser
uid=1000(testuser) gid=1000(testuser) groups=1000(testuser),1103604585(test-dis-cogeco_ontario (except
call center)),1103604581(test-com-noc)
- On system with
sssd 1.12.2-58.el7_1.6
$ id testuser
uid=1000(testuser) gid=1000(testuser) groups=1000(testuser),1103626976(test-com-networktoolsdevelopment),1103626988(test-com-noc_change_control),1103606876(test-com-noc_shift_report),1103604529(test-dis-remedyvod),1103617944(test-dis-newsletter_on),1103630864(uqmtl-dis-oraclenotice),1103617985(test-dis-cogeco_ontario (all)),1103604585(test-dis-cogeco_ontario (except call center)),1103645407(test-com-datacentercommunications),1103604581(test-com-noc),1103640870(test-dis-google.phase.1.launch),1103637785(test-com-ns_operations_delivery_on),1103644149(test-com-hal_users),1103647889(test-com-wifi_back_office_rfq_core_team),1103652199(test-com-950_970_harvester),1103652197(test-com-950_syscon_rd),1103651633(customer solutions),1103657571(test-dis-cogeco_burlington)
Environment
- Red Hat Enterprise Linux 7.1
sssd-1.12.2-58.el7_1.14
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.