Hi Stephen, > On 12/22/2010 07:25 PM, GOLLSCHEWSKY, Tim wrote: > > Hi Sumit, > > > > Thanks for your response. > > > >> On Tue, Dec 21, 2010 at 04:02:14PM +1000, GOLLSCHEWSKY, Tim wrote: > >>> Hi all. > >>> > >>> I'm running sssd on RHEL6 and seem to have a problem seeing > >>> secondary/auxiliary groups for logged in users. > > [snip] > >>> > >>> Could it be because our AD has many more than 1000 users and 1000 groups? > >>> If so, if there any way to increase this limit? > >> > >> AD only sends 1000 entries at a time. This is called paging and we plan > >> to support paging with sssd 1.6 (see trac ticket #658). With this large > >> amount of users and groups I would recommend to set 'enumerate = false', > >> because for most of the typical uses cases this should be sufficient. > > > > OK, I've done some more testing and I believe I've found the issue. > > > > My original testing was on RHEL6, which currently ships with v1.2.1 of > > sssd. This version doesn't show the aux groups no matter what I do with > > "enumerate" or if I restrict my ldap_group_search_base to a filter than > > returns less than 1000 groups. > > > > The way I got things to work was by downloading the stock RHEL6 SRPM and > > rebuilding it with sssd v1.2.2. So I guess somewhere in v1.2.1 -> v1.2.2 > > there was a patch to fix the auxillary group search in LDAP. > > > > Note, this works now whether "enumerate" is set to true or false. > > > > Looks like I have to wait until RHEL6 supports sssd v1.2.2 or higher before > > we can migrate our server fleet to RHEL6. > > > > What version of the SSSD package are you using in RHEL6? > sssd-1.2.1-28.el6_0.4 should contain all fixes from 1.2.2 backported. > Specifically, the group fixes should have been pulled into > sssd-1.2.1-28.el6_0.1
That's the version I was running previously. I've just removed my v1.2.2 RPMs and reinstalled the stock ones: [u333...@jbsrd999m3 ~]$ rpm -q sssd sssd-1.2.1-28.el6_0.4.x86_64 [u333...@jbsrd999m3 ~]$ groups sysadm Now reinstalling my v1.2.2 RPMs: [u333...@jbsrd999m3 ~]$ rpm -q sssd sssd-1.2.2-28.el6.tim.x86_64 [u333...@jbsrd999m3 ~]$ groups sysadm unixdef dpl0002 dpl0003 dtmrp edc0001 edc0002 sasat sasap midrange midora middb2 cifrp cifrd cdirt cdirp agtrp pdirp jbsrp gbsrd dbprd edcrp jbsrd edcrd dtmrd gwrrp voirp apard estrd estrp pcmat pc4rd middlemr insrp mybrd viprp fesrp fesrd ofaat fsprd dplrp pijrd sdsrd etlat etlap iswat iswap gwrrd svnrd dbcat dbcap wmbad secru secrp optap giprp jirrp sybad sybap hudrp iswau svnrp fshrp trmst oggap rmbad iswad idmat pbirp pbird pbirt rmbat tm1ad tm1at tm1ap aairp pdiri pdird ecord ecorp abcrd nexrp esvrp xyzrd jpprd xxxrp abcrp prfrd tabrp aimrd aimrp Thanks and regards, Tim. This e-mail is sent by Suncorp-Metway Limited ABN 66 010 831 722 or one of its related entities "Suncorp". Suncorp may be contacted at Level 18, 36 Wickham Terrace, Brisbane or on 13 11 55 or at suncorp.com.au. The content of this e-mail is the view of the sender or stated author and does not necessarily reflect the view of Suncorp. The content, including attachments, is a confidential communication between Suncorp and the intended recipient. If you are not the intended recipient, any use, interference with, disclosure or copying of this e-mail, including attachments, is unauthorised and expressly prohibited. If you have received this e-mail in error please contact the sender immediately and delete the e-mail and any attachments from your system. If this e-mail constitutes a commercial message of a type that you no longer wish to receive please reply to this e-mail by typing Unsubscribe in the subject line. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
