> On pe, 09 heinä 2021, iulian roman via FreeIPA-users wrote: > > I think you have misunderstood what the documentation is saying. > yes, probably I misunderstood the statement from the doc: "The Default Trust View is always applied to IdM servers and replicas as well as to AD users and groups. You cannot assign a different ID view to them: they always apply the values from the Default Trust View"
> 'Default Trust View' can only contain overrides for users/groups from > trusted AD domains. Other ID views can contain overrides for either IPA > users/group or users/groups from trusted AD domains. > > Overrides from ID Views are cummulative: Default Trust View overrides > apply always but host-specific view is applied locally at the host, > after SSSD on the host already received the data from an IPA server. > > On IPA server only Default Trust View is applied and it is not possible > to add another view to IPA server. > > If you have problems with ID overrides' application on the specific > host, chances are that you have issues with consistency of UID/GID <-> > SID mapping in general. It can be, but I have no idea how to investigate further. I have done hundreds of tests, and it either works with one sssd version either with the other one. In AD I have the UID, GID, GID is resolved to a name, etc. On IPA server the GIDs,UIDs , username and group name are always resolved correctly, the problem occurs on the clients and it has to do with the cache and the magic group but I cannot figure out what exactly is the issue. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
