Bug 49706 – Make univention-join-client add nested group support to sssd.conf

Bug 49706 - Make univention-join-client add nested group support to sssd.conf


Summary:	Make univention-join-client add nested group support to sssd.conf

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	Univention Domain Join (Ubuntu)
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal with 2 votes (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-06-23 21:41 CEST by Stefan
Modified:	2019-12-11 17:13 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	2: Improvement: Would be a product improvement
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.046
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan 2019-06-23 21:41:59 CEST

The join assistant should configure nested group support:
https://help.univention.com/t/sssd-und-gruppenauflosung-von-verschachtelten-gruppen/1862/6

Comment 1 Arvid Requate

2019-06-24 11:05:19 CEST

Thank you for the report!

The forum post recommends adding the following lines to sssd.conf in section [domain/default]:

ldap_schema = rfc2307bis
ldap_group_member = uniqueMember
ldap_group_nesting_level = 2

The membership resoulution process can be logged by setting "debug_level = 0x1000".