SSSD does not list local user's group membership defined in LDAP
Issue
- SSSD does not list a local user's group membership defined in the LDAP server.
- SSSD is configured to use LDAP with the rfc2307 schema, and a local user has been added to the memberUid attribute of an LDAP group. The user is shown when the LDAP group's membership is listed with "getent group ldap_group", but this local member disappears as soon as the user is queried through SSSD (e.g. "id local_user").
- Red Hat Enterprise Linux 6 is configured to authenticate against an LDAP server. A local user configured on this RHEL 6 host is a member of groups defined on the LDAP server. While sssd is able to find the user's primary group, it does not return the secondary groups defined in the LDAP server.
Example:
RHEL 6.X
[root@xgora10x]~ # getent group kingslanding
kingslanding:*:1157:tyrion
[root@xgora10x]~ # id tyrion
uid=1282(tyrion) gid=1111(tyrion) groups=1111(tyrion)
RHEL 5.8
[root@meeran]~ # getent group testgroup
testgroup:*:1157:tyrion
[root@pgadm03x]~ # id tyrion
uid=1282(tyrion) gid=1111(tyrion) groups=1111(tyrion),22900(littlefinger),1123(lordVarys),1124(targaryen),1138(lannister),1157(stark)
Environment
- Red Hat Enterprise Linux Server release 6.3 (Santiago)
- sssd-1.8.0-32.el6.x86_64
- sssd-client-1.8.0-32.el6.x86_64
- LDAP Backend