Am Wed, Jun 30, 2021 at 07:39:44PM -0000 schrieb iulian roman via FreeIPA-users: > I do not use ldap_group_name in IPA. I'll describe bellow an example > for an override , because probably it all has to do with the > 'sAMAccountName' : > > Example of user and group in AD: > > user: testuser - AD name 'testuser' - AD 'sAMAccountName' 'testuser' - > uidNumber:23634 gidNumber:23634 > group: testuser - AD name 'testuser' - AD 'sAMAccountName' 'ux-testuser' - > gidNumber: 23634 > > Example of the override for the above mentioned user in IPA (Default Trust > View) > User to override: testu...@example.com > User Login: testuser > UID: 23634 > GID: 23634
Hi, maybe there is some unexpected interaction with the code which automatically handles user private groups and the manual creation of a user private group with the id-overrides. Have you tried if the behavior is more reliable if you change the GID in user override and group to e.g. 10023634 ? bye, Sumit > > The question is how should the override look like or what do I need to > change in AD in order to have it working properly ? Is that override > according to the IPA prerequisites for override ? > Now , as I mentioned , the behaviour is different in different sssd > versions and I can only make it work if I run 'getent group testuser' > before and playing with caches on both IPA server and IPA client. > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure