- On sssd-1.14 we can see all group memberships for all AD users e.g.
- On sssd-1.15 some AD users are fine, some only show one group.
- On sssd-1.16 all AD users only show main group.
- No changes have been made on the sssd configuration file.
When running sssd-1.15 and above, SSSD discovers all the subdomains which caused following two issues:
- Some users have group memberships from domains which are not accessible which causes initgroups request failures.
- There may be possible idmap collision between the domains where groups went missing.
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.