On Fri, 23 Jul 2010 17:17:11 -0400 Scott Duckworth <sduc...@clemson.edu> wrote:
> I've learned that this attribute does exist in our tree, but it's not > being populated when we add users to groups since our proxy user does > not have rights to write groupMembership to users. I'm trying to > find out if we can get our hands on native eDirectory tools that keep > groupMembership of posixAccount and member of posixGroup in sync. > > Still, if groupOf/groupMembership is not required by rfc2307bis, it > would be nice if SSSD did not require it. Yes, we should handle this gracefully, at least through an option. > If a user has a groupOf/groupMembership attribute pointing to a group > outside of ldap_group_search_base, will this be handled gracefully? Yes, the entry will simply be ignored if not resolvable. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users