Re: Group values not returned with "id" command
Justin Edmands wrote:
> Thank god you got that off of your chest. the solution is:

And OpenLDAP actually has a knowledgeable community that responds to posts,
and gives correct answers.

> /etc/sssd/sssd.conf
> [domain/default]
> ..
> ldap_group_member = memberUid

You should look into switching to RFC2307bis; using non-DNs for references
within an LDAP directory is a really bad idea.

> ldap_group_search_base = ou=Group,dc=mysite,dc=com
> ..
> after flushing cache, the clients see the proper groups.

That should concern you too. You're now knowingly relying on a caching
mechanism that serves stale data for your systems' base security. You should
look into using OpenLDAP nssov+pcache instead; pcache has active cache refresh
among other things so you don't need to restart or flush anything to keep your
system security up to date.

> https://bugzilla.redhat.com/show_bug.cgi?id=599713
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
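
The RFC2307 to RFC2307bis switch recommended above, sketched as an added example that is not part of the original post or of any project's code: it rewrites `memberUid` group entries as `member` DN entries and reports names that resolve to no user. The `ou=People` base, the users and the groups are constructed sample data; only the `ou=Group,dc=mysite,dc=com` base comes from the thread.

```python
# Added illustration: rewrite RFC2307 group entries (memberUid) as RFC2307bis
# entries (member DNs) and report references that resolve to no user entry.
# All entries and the ou=People base below are constructed sample data.

USERS = {  # uid -> DN, as a search under a hypothetical ou=People would return
    "alice": "uid=alice,ou=People,dc=mysite,dc=com",
    "bob": "uid=bob,ou=People,dc=mysite,dc=com",
}

GROUPS = [  # RFC2307 posixGroup entries under the thread's ou=Group base
    {"dn": "cn=admins,ou=Group,dc=mysite,dc=com", "cn": "admins",
     "gidNumber": "5000", "memberUid": ["alice", "bob"]},
    {"dn": "cn=ops,ou=Group,dc=mysite,dc=com", "cn": "ops",
     "gidNumber": "5001", "memberUid": ["bob", "carol"]},  # carol was deleted
]


def to_rfc2307bis(group, users):
    """Return (new_entry, dangling): member DNs plus unresolvable memberUids."""
    members, dangling = [], []
    for uid in group["memberUid"]:
        dn = users.get(uid)
        (members if dn else dangling).append(dn or uid)
    entry = {
        "dn": group["dn"],
        # posixGroup is auxiliary in RFC2307bis; groupOfNames is the structural
        # class and requires at least one member value.
        "objectClass": ["groupOfNames", "posixGroup"],
        "cn": group["cn"],
        "gidNumber": group["gidNumber"],
        "member": members,
    }
    return entry, dangling


def to_ldif(entry):
    """Serialise one entry as LDIF text (ASCII values only, no line folding)."""
    lines = ["dn: " + entry["dn"]]
    for attr in ("objectClass", "cn", "gidNumber", "member"):
        values = entry[attr] if isinstance(entry[attr], list) else [entry[attr]]
        lines += [f"{attr}: {v}" for v in values]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for g in GROUPS:
        entry, dangling = to_rfc2307bis(g, USERS)
        print(to_ldif(entry))
        if dangling:
            print(f"# {g['cn']}: memberUid with no user entry: {dangling}\n")
```

On the SSSD side the matching client setting is `ldap_schema = rfc2307bis`, under which group membership is read from `member` rather than `memberUid`.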