On Tue, Nov 05, 2019 at 09:00:44PM -0600, Spike White wrote:
All,
We're replacing a commercial product that ignores whatever GID is used in
gidNumber posix attribute, when auto_private_groups is set to true.
However, we find in sssd that even when we set auto_private_groups = True,
that in additional to all the supplemental groups defined by memberOf, it
also appends as the supplemental group the group whose GID is in gidNumber.
Is that any way to disable this? To have sssd list only "memberOf" groups
as supplemental groups when auto_private_groups == True?
Currently I can't think of anything systematic short of pointing gidNumber
to uidNumber. (I have not tested this).
What's the rationale behind this? What problems does the additional
group pose?