Hi
sorry for coming back late
one correction that, it's ok to define a long group name in "cn" of objectClass posixGroup, it won't lead any issue when login the user via sssd ldap integration.
but have the otherthing want to confirm:
i set the "ldap_group_name = description", and set the value of "desciption" different with "cn", for example:
cn=my-testing-group-at-world-wide-space
description=test-group
the command "id nick" output:
uid=15001(nick) gid=20000(my-testing-group-at-world-wide-space) groups=20000(my-testing-group-at-world-wide-space)
it still use the value of "cn"
but, if i set
access_provider = simple
# specify the long group name (as in 'cn')
simple_allow_groups = my-testing-group-at-world-wide-space
the usre 'nick' can't login (with error message incorrect password)
if i set to
access_provider = simple
# specify short group name (as in 'description')
simple_allow_groups = test-group
the user 'nick' can login now.
so looks like there is some mismatch.