search for: group_sid_dn

...enShift does not know about primary group memberships, as these are not recorded as DN links. Inside that samba-tool group listmembers command we work around that by using this filter: search_filter = ("(|(primaryGroupID=%s)(memberOf=%s))" % (rid, group_sid_dn)) You may need to contribute logic upstream to OpenShift to learn about how groups work in AD, or (if secure) forgo primary group memberships. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Develo...

...> primary group memberships, as these are not recorded as DN links. > > Inside that samba-tool group listmembers command we work around that by > using this filter: > search_filter = ("(|(primaryGroupID=%s)(memberOf=%s))" % > (rid, group_sid_dn)) > > You may need to contribute logic upstream to OpenShift to learn about > how groups work in AD, or (if secure) forgo primary group memberships. > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer,...

On 21/08/2020 21:40, vincent at cojot.name wrote: > On Fri, 21 Aug 2020, Rowland penny via samba wrote: > >> This works for me: >> >> rowland at devstation:~$ sudo ldapsearch -H >> ldaps://dc01.samdom.example.com -D 'SAMDOM\Administrator' -w >> 'xxxxxxxxxx' -b 'dc=samdom,dc=example,dc=com' >>