Hello,

I've almost managed to get sssd to work as I want, however I have this 
problem with group members.

If I do an ldapsearch on a group I get this result,

---------
member: CN=x1,OU=People,DC=x,DC=x,DC=x
member: CN=x2,OU=People2,OU=People,DC=x,DC=x,DC=x
member: CN=x3,OU=People,DC=x,DC=x,DC=x
member: CN=x4,OU=People,DC=x,DC=x,DC=x
member: CN=x5,OU=People,DC=x,DC=x,DC=x

memberUid: x1
memberUid: x2
memberUid: x5
memberUid: x7
memberUid: x8
memberUid: x9
---------

A colleague told me that the difference (between members in 'member' and 
'memberUid') is because 'member' is the attribute set up for Windows 
accounts, and 'memberUid' is for the Unix accounts, and although these 
often should be synced there could be some cases where it's not (in our 
setup anyway).

So what I want is to get sssd to map group members to the memberUid.

Here's a snippet from my sssd.conf

---------
ldap_user_object_class   = User
ldap_user_name           = sAMAccountName
ldap_user_uid_number     = uidNumber
ldap_user_gid_number     = gidNumber
ldap_user_shell          = loginShell
ldap_user_gecos          = mail
ldap_user_principal      = userPrincipalName
ldap_user_member_of      = memberOf
ldap_user_home_directory = msSFUHomeDirectory

ldap_group_object_class  = Group
ldap_group_name          = cn
ldap_group_gid_number    = gidNumber
ldap_group_member        = memberuid
# ldap_group_member      = member
# ldap_group_member      = memberUid
# ldap_group_uuid        = memberUid
---------

I've tried different setups here but I can't really seem to figure it 
out. If I run with the above settings I get no groups for users, and the 
following is printed in sssd debug,
---------
[sysdb_search_entry_done] (6) Error : Entry not found!
[sdap_fill_memberships] (7) member #60 (x): not found!
---------

If I use the member instead of memberuid/Uid the users are mapped to 
groups from the 'member' attribute, which seems logical, however that's 
not what I want, as I said before, I want to map user groups against the 
memberUid.

I would appreciate any tips or recommendations around this matter.

Best regards,
Patrik Martinsson, Sweden.
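
An added example, not part of the original message: a small Python check that parses a group entry as printed by ldapsearch and reports which users appear only in 'member', only in 'memberUid', or in both, so the drift between the Windows and Unix views of a group can be audited. The sample input is constructed from the values quoted above, and the comparison assumes the CN of each member DN equals the Unix login name; the function names are hypothetical.

```python
import base64
import re

# Constructed sample: the group attributes quoted in the message above.
SAMPLE_LDIF = """\
member: CN=x1,OU=People,DC=x,DC=x,DC=x
member: CN=x2,OU=People2,OU=People,DC=x,DC=x,DC=x
member: CN=x3,OU=People,DC=x,DC=x,DC=x
member: CN=x4,OU=People,DC=x,DC=x,DC=x
member: CN=x5,OU=People,DC=x,DC=x,DC=x
memberUid: x1
memberUid: x2
memberUid: x5
memberUid: x7
memberUid: x8
memberUid: x9
"""

def parse_attrs(ldif):
    """Collect attribute values from ldapsearch output, keyed by lowercased name."""
    attrs = {}
    unfolded = re.sub(r"\r?\n ", "", ldif)  # LDIF folds long lines with a leading space
    for line in unfolded.splitlines():
        m = re.match(r"([A-Za-z][\w;.-]*)(::?)\s*(.*)$", line)
        if not m:
            continue  # blank lines, comments, separators
        name, sep, value = m.groups()
        if sep == "::":  # "attr:: ..." marks a base64-encoded value
            value = base64.b64decode(value).decode("utf-8")
        attrs.setdefault(name.lower(), []).append(value)
    return attrs

def first_rdn_value(dn):
    """Return the value of the leftmost RDN, honouring backslash-escaped commas."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    return rdn.partition("=")[2].replace("\\,", ",").strip()

def membership_drift(ldif):
    """Compare 'member' (DNs, reduced to their CN by assumption) with 'memberUid' (names)."""
    attrs = parse_attrs(ldif)
    by_dn = {first_rdn_value(dn).lower() for dn in attrs.get("member", [])}
    by_uid = {uid.lower() for uid in attrs.get("memberuid", [])}
    return {"only_member": sorted(by_dn - by_uid),
            "only_memberuid": sorted(by_uid - by_dn),
            "both": sorted(by_dn & by_uid)}

if __name__ == "__main__":
    for key, names in membership_drift(SAMPLE_LDIF).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Users listed under only_member or only_memberuid get different group memberships depending on which attribute ldap_group_member points at.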



