Jakub,
Is the functionality in question only available for IPA masters?
It shouldn't be and I'm seeing the users also on a client. I don't remember if there was ever a bug in the client portion, I guess lookingat the logs would be the next step.
Alright, before I gather the logs do the IPA masters need to have "ignore_group_members" set to FALSE?
Do you only need client logs with debug_level set to 10, or do you need server logs too?
Thanks! John DeSantis
Il giorno gio 21 nov 2019 alle ore 03:55 Jakub Hrozek jhrozek@redhat.com ha scritto:
On Thu, Nov 14, 2019 at 10:10:20AM -0500, John Desantis wrote:
Jakub,
This is confusing because the enumerate word is overloaded :-)
Ha! Agreed.
What is not supported and I guess won't be is "getent passwd" or "getent group" to get all objects from AD.
I definitely agree with not being able to get all objects from AD via `getent passwd` or `getent group`.
get AD members of an IPA group added through an external group, e.g. "getent group ipagroup" should show both its IPA and AD group members.
This is exactly what I'm referring to. On the IPA masters (which have their AD Trusts established), I can query an IPA group which has IPA and external members via `getent group blah` and see both IPA and AD users, as long as the following option is set within sssd.conf:
ignore_group_members = FALSE
But, on the IPA client nodes the only time that all group members will be shown is if:
1.) The users have previously logged into the node in question; 2.) The users have been queried via `id user` or `getent passwd user`
Is the functionality in question only available for IPA masters?
It shouldn't be and I'm seeing the users also on a client. I don't remember if there was ever a bug in the client portion, I guess lookingat the logs would be the next step. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...