On 02/17/2013 11:33 AM, Michael Ströder wrote: 
HI!

We're running Debian systems with old sssd 1.2.1 shipped in Debian Squeeze.
This works most of the times with getent passwd and getent group together with
uncached sudo-ldap data. So the data is in place and can be correctly
retrieved by sssd via LDAP.

Since this old sssd version has some problems and does not have SUDO support
we're looking at upgrading to 1.9.4.

My colleague prepared back-ported Debian packages of 1.9.4 I'm testing with.

But I'm struggling that groups are not correctly retrieved - see my last
attempt of sssd.conf attached.

1. After login id does not show the user's groups although the OpenLDAP logs
show that group entries are searched and returned to sssd by OpenLDAP's slapd.

2. sudo -l -U username does not work although the OpenLDAP logs show that
sudoRole entries are searched and returned to sssd by OpenLDAP's slapd.

I wonder whether https://fedorahosted.org/sssd/ticket/1664 is relevant in my
case but playing with several values for filter_users_in_groups and enumerate
did not help.

Ciao, Michael.

Have you tried without enumeration?
Does it work for you?


      

      

      

      
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users


    

    

    

    
-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/