On Fri, Aug 9, 2013 at 11:47 AM, Lukas Slebodnik <lslebodn(a)redhat.com
<mailto:lslebodn@redhat.com>> wrote:
Could you try to do same query with ldapsearch? (the first part is
filster and
the second one is search base.
Sure can:
root@smarty:/etc/puppet/modules/sssd/files# kinit -k -t
/etc/krb5.keytab host/$(hostname -f)
root@smarty:/etc/puppet/modules/sssd/files# ldapsearch -H
ldap://milkdud.TESTDOMAIN.local/ -Y GSSAPI -N -b
"dc=testdomain,dc=local"
"(&(objectSID=S-1-5-21-1779125721-235263668-3792523542-3663)(objectclass=group)(name=*))"
SASL/GSSAPI authentication started
SASL username: host/smarty.testdomain.local(a)TESTDOMAIN.LOCAL
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=testdomain,dc=local> with scope subtree
# filter:
(&(objectSID=S-1-5-21-1779125721-235263668-3792523542-3663)(objectclass=group)(name=*))
# requesting: ALL
#
# search reference
ref:
ldap://ForestDnsZones.testdomain.local/DC=ForestDnsZones,DC=testdomain,DC=local
# search reference
ref:
ldap://DomainDnsZones.testdomain.local/DC=DomainDnsZones,DC=testdomain,DC=local
# search reference
ref: ldap://testdomain.local/CN=Configuration,DC=testdomain,DC=local
# search result
search: 4
result: 0 Success
# numResponses: 4
# numReferences: 3
It's also interesting that some of the GIDs that are returned are not
actually groups but user objects in AD.
-Chris
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Was there any resolution to this issue?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?