SSSD does not list local user's group membership defined in LDAP


Issue

  • SSSD does not list a local user's group membership that is defined on the LDAP server.

  • SSSD is configured to use LDAP with the rfc2307 schema, and a local user is added to the memberUid attribute of an LDAP group. The user appears when the group's membership is listed with "getent group ldap_group", but this local member disappears as soon as the user itself is queried through SSSD (e.g. "id local_user").

  • Red Hat Enterprise Linux 6 is configured to authenticate against an LDAP server. A local user configured on this RHEL 6 host is a member of groups defined on the LDAP server. While SSSD is able to find the user's primary group, it does not return the secondary groups defined on the LDAP server.
    Example:

RHEL 6.X
[root@xgora10x]~ # getent group kingslanding
kingslanding:*:1157:tyrion
[root@xgora10x]~ # id tyrion
uid=1282(tyrion) gid=1111(tyrion) groups=1111(tyrion)

RHEL 5.8
[root@meeran]~ # getent group testgroup
testgroup:*:1157:tyrion
[root@pgadm03x]~ # id tyrion
uid=1282(tyrion) gid=1111(tyrion) groups=1111(tyrion),22900(littlefinger),1123(lordVarys),1124(targaryen),1138(lannister),1157(stark)
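A consistency check for the symptom shown in the transcripts above, as an added example that is not part of the Red Hat article: it takes the groups that name a user in their member list (group side, "getent group") and the groups "id" returns for that user (user side) and reports the ones that go missing. The embedded sample output is the article's own; the live check assumes getent and id are on PATH of an SSSD host. Python is used here only for the parsing.

```python
import re
import subprocess
from typing import Dict, List, Set


def groups_listing_user(getent_group_output: str, user: str) -> Dict[int, str]:
    """{gid: group name} for each 'name:passwd:gid:members' line naming user in members."""
    found: Dict[int, str] = {}
    for line in getent_group_output.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 4:
            continue  # blank line or shell prompt, not a group entry
        name, _passwd, gid, members = parts
        if user in members.split(","):
            found[int(gid)] = name
    return found


def gids_from_id(id_output: str) -> Set[int]:
    """GIDs from the 'groups=1111(tyrion),22900(littlefinger)' field of id output."""
    match = re.search(r"groups=(\S+)", id_output)
    return {int(g) for g in re.findall(r"(\d+)\(", match.group(1))} if match else set()


def missing_secondary_groups(getent_group_output: str, id_output: str, user: str) -> List[str]:
    """Groups that list the user on the group side but are absent from the user side.
    Compared by GID, so gid 1157 resolving as testgroup/stark in the RHEL 5.8 transcript is no false positive."""
    listed = groups_listing_user(getent_group_output, user)
    seen = gids_from_id(id_output)
    return [f"{listed[gid]}({gid})" for gid in sorted(listed) if gid not in seen]


def check_live(user: str, groups: List[str]) -> List[str]:
    """Run getent group / id on this host and report the inconsistent groups."""
    getent = subprocess.run(["getent", "group", *groups], capture_output=True, text=True).stdout
    ident = subprocess.run(["id", user], capture_output=True, text=True).stdout
    return missing_secondary_groups(getent, ident, user)


# Transcripts copied from the article: RHEL 6 drops the LDAP group, RHEL 5.8 keeps it.
RHEL6_GETENT = "kingslanding:*:1157:tyrion\n"
RHEL6_ID = "uid=1282(tyrion) gid=1111(tyrion) groups=1111(tyrion)\n"
RHEL5_GETENT = "testgroup:*:1157:tyrion\n"
RHEL5_ID = ("uid=1282(tyrion) gid=1111(tyrion) groups=1111(tyrion),22900(littlefinger),"
            "1123(lordVarys),1124(targaryen),1138(lannister),1157(stark)\n")

if __name__ == "__main__":
    print("RHEL 6   missing:", missing_secondary_groups(RHEL6_GETENT, RHEL6_ID, "tyrion"))
    print("RHEL 5.8 missing:", missing_secondary_groups(RHEL5_GETENT, RHEL5_ID, "tyrion"))
```

On an affected host, check_live("tyrion", ["kingslanding"]) returns the dropped groups; an empty list means group-side and user-side membership agree.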

Environment

  • Red Hat Enterprise Linux Server release 6.3 (Santiago)
  • sssd-1.8.0-32.el6.x86_64
  • sssd-client-1.8.0-32.el6.x86_64
  • LDAP Backend
