-----Original Message----- From: sssd-devel-bounces@lists.fedorahosted.org on behalf of Stephen Gallagher Sent: Sat 22-Oct-11 21:04 To: sssd-devel@lists.fedorahosted.org Subject: Re: [SSSD] Fruits and Nuts (or, need help with nested LDAP groups)
On Sat, 2011-10-22 at 11:52 -0400, John Gorkos wrote:
I've been handed a requirement to created nested groups in our LDAP directory for our Posix logins to ease our admin load. We are using RHEL6.1 and SSSD 1.5.x from Redhat, along with OpenLDAP 2.4.x. I have loaded up a test VM with all the appropriate software, but for the life of me I can't make it work.
First of all, thank you for the highly detailed bug report. It always makes tracking issues down much easier.
You are hitting a known bug with SSSD 1.5.1 as shipped in RHEL 6.1. The upstream ticket was https://fedorahosted.org/sssd/ticket/833
I am happy to inform you, however, that this bug was fixed upstream in SSSD 1.5.9 and is backported for inclusion into RHEL 6.2.
This fix is present in the version of SSSD currently available in the RHEL 6.2 Beta release, so you may wish to grab the SSSD packages from there and give it a try
I suspected that might be the case, so I hunted around a bit and wound up here: http://jdennis.fedorapeople.org/ipa-devel/rhel/6/x86_64/os/
I pulled the sssd RPMs from that repo and installed them: # rpm -q -a | grep sssd sssd-1.5.14-0.20111021T0146z.el6.x86_64 sssd-client-1.5.14-0.20111021T0146z.el6.x86_64
Unfortunately, sssd provides no '--version' parameter, so I can't extract the current installed version from the binary itself, but all of the output I gave in my original message were generated using the 1.5.14-0 RPMs, not using the stock 1.5.1 SSSD from the RHEL6 repos.
I am going to try building 1.5.9 from source, to see if perhaps there was a regression between 1.5.9 and 1.5.14 that would cause this to appear again. Also, I'd really like to stick to the 1.5 branch unless there are plans to backport 1.6 to RHEL5. While my management machines are all RHEL6.x, my production machines are stuck on RHEL5.3 and also need the nested groups.
Thanks for the tips. John Gorkos