Jakub, > > Is the functionality in question only available for IPA masters? > > It shouldn't be and I'm seeing the users also on a client. I don't > remember if there was ever a bug in the client portion, I guess > lookingat the logs would be the next step.
Alright, before I gather the logs do the IPA masters need to have "ignore_group_members" set to FALSE? Do you only need client logs with debug_level set to 10, or do you need server logs too? Thanks! John DeSantis Il giorno gio 21 nov 2019 alle ore 03:55 Jakub Hrozek <jhro...@redhat.com> ha scritto: > > On Thu, Nov 14, 2019 at 10:10:20AM -0500, John Desantis wrote: > > Jakub, > > > > > This is confusing because the enumerate word is overloaded :-) > > > > Ha! Agreed. > > > > > What is not supported and I guess won't be is "getent passwd" or "getent > > > group" to get all objects from AD. > > > > I definitely agree with not being able to get all objects from AD via > > `getent passwd` or `getent group`. > > > > > get AD members of an IPA group added through an external group, e.g. > > > "getent group ipagroup" should show both its IPA and AD group members. > > > > This is exactly what I'm referring to. On the IPA masters (which have > > their AD Trusts established), I can query an IPA group which has IPA > > and external members via `getent group blah` and see both IPA and AD > > users, as long as the following option is set within sssd.conf: > > > > ignore_group_members = FALSE > > > > But, on the IPA client nodes the only time that all group members will > > be shown is if: > > > > 1.) The users have previously logged into the node in question; > > 2.) The users have been queried via `id user` or `getent passwd user` > > > > Is the functionality in question only available for IPA masters? > > It shouldn't be and I'm seeing the users also on a client. I don't > remember if there was ever a bug in the client portion, I guess > lookingat the logs would be the next step. > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org