On Fri, Jan 19, 2024 at 11:56 AM Finn Fysj <[email protected]> wrote: > > > IPA doesn't show member attribute for non-authenticated binds > As mentioned this works for older hosts not using SSSD... > > > Typically users are interested in the correct group list the user is a > > member of. > > On the other side, 'ignore_group_members = true' is used often for > > performance reasons. > How will this help?
I meant to say users typically didn't care about 'getent group' (`getgrnam()`/`getgruid()`) output. > > Why do you care about 'getent group' and why don't you use > > "id_provider=ipa"? > getent group, will let me know which user is member of the group, which again > let the user access a specific instance... When it gets to DAC, `getgrouplist()` (initgroups list) is what matters. Does this work properly, i.e. does `id user1` returns all expected groups? -- _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
