I cannot get the memberof attribute for external users from a one-way trust with AD.
I have an external group ad_grafana_external with the users adtest@adtest.local and adtest2@adtest.local from AD. This group is a member of the group ad_grafana:
ldapsearch -W -D "uid=admin,cn=users,cn=accounts,dc=mytest,dc=local" '(cn=ad_grafana)' | grep member
member: cn=ad_grafana_external,cn=groups,cn=accounts,dc=mytest,dc=local
I can see that AD users are members of ad_grafana group:
getent group ad_grafana
ad_grafana:*:105800310:adtest2@adtest.local,adtest@adtest.local
But I cannot get the memberof attribute for these external users:
# ldapsearch -W -D "uid=admin,cn=users,cn=accounts,dc=mytest,dc=local" '(uid=adtest2@adtest.local)'
# extended LDIF
#
# LDAPv3
# base <dc=mytest,dc=local> (default) with scope subtree
# filter: (uid=adtest2@adtest.local)
# requesting: ALL
#
# adtest2@adtest.local, users, compat, m.mcs.im
dn: uid=adtest2@adtest.local,cn=users,cn=compat,dc=mytest,dc=local
objectClass: posixAccount
objectClass: ipaOverrideTarget
objectClass: top
gecos: adtest2 adtest2
cn: adtest2 adtest2
uidNumber: 140601109
gidNumber: 140601109
homeDirectory: /home/adtest.local/adtest2
ipaAnchorUUID:: OlNJRDpTLTEtNS0yMS0yNjExMDg4Ny0yODU2MDIzNTY0LTI5MTIyOTUzNjYtMT
 EwOQ==
uid: adtest2@adtest.local
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Is it possible to add memberof attributes to external users?
This is needed to authenticate them in web applications such as Grafana and Gitlab in my case.
FreeIPA version: 4.6.8-5
OS: CentOS Linux release 7.7.1908 (Core)