Why is secondary group membership not returned correctly by sssd-ldap after update to sssd 1.12.2-58.el7_1.14 in Red Hat Enterprise Linux 7?

Solution Verified - Updated -

Issue

  • After updating from SSSD 1.12.2-58.el7_1.6 to 1.12.2-58.el7_1.14 many LDAP group memberships become invalid or missing.
  • If SSSD version restored to previous version then complete list of group members is resolved correctly.
  • On system with sssd 1.12.2-58.el7_1.14
$ id testuser
uid=1000(testuser) gid=1000(testuser) groups=1000(testuser),1103604585(test-dis-cogeco_ontario (except
call center)),1103604581(test-com-noc)
  • On system with sssd 1.12.2-58.el7_1.6
$ id testuser
uid=1000(testuser) gid=1000(testuser) groups=1000(testuser),1103626976(test-com-networktoolsdevelopment),1103626988(test-com-noc_change_control),1103606876(test-com-noc_shift_report),1103604529(test-dis-remedyvod),1103617944(test-dis-newsletter_on),1103630864(uqmtl-dis-oraclenotice),1103617985(test-dis-cogeco_ontario (all)),1103604585(test-dis-cogeco_ontario (except call center)),1103645407(test-com-datacentercommunications),1103604581(test-com-noc),1103640870(test-dis-google.phase.1.launch),1103637785(test-com-ns_operations_delivery_on),1103644149(test-com-hal_users),1103647889(test-com-wifi_back_office_rfq_core_team),1103652199(test-com-950_970_harvester),1103652197(test-com-950_syscon_rd),1103651633(customer solutions),1103657571(test-dis-cogeco_burlington)

Environment

  • Red Hat Enterprise Linux 7.1
  • sssd-1.12.2-58.el7_1.14

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In