On pe, 08 kesä 2018, Marc Boorshtein via FreeIPA-users wrote:
Looking through the API, I see that I can list the external members
of
a group via group_show but is there a way to list all the groups an
external user is a member of without enumerating all groups and just
looking for the external users? For instance when I'm logged in as an
external user and type "id" the user's memberships in both AD and IPA
are listed.
Group membership reconciliation from different sources is done by SSSD,
a result of it is what you see in 'id' output. SSSD has own API to use
as well but be aware it returns you POSIX groups and that group
membership is flattened. So any non-POSIX groups aren't visible.
IPA framework does not have any programmatic way for this operation.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland