[Freeipa-users] anyone know how to do sssd filters?

[KodaK]

On Tue, Dec 18, 2012 at 3:51 AM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> On Tue, Dec 18, 2012 at 10:39:56AM +0100, Jakub Hrozek wrote:
>> On Mon, Dec 17, 2012 at 04:03:03PM -0500, Dmitri Pal wrote:
>> > On 12/17/2012 03:11 PM, KodaK wrote:
>> > > I'm attempting to install Satellite in my IPA domain.  There is a
>> > > ridiculous requirement that the group "dba" must not already exist
>> > > prior to installing.  Red Hat support wanted me to *remove* the DBA
>> > > group and then install.
>> > >
>> > > Anyway, I'm trying to play around with filter_groups in sssd, and I
>> > > can't seem to get it to "take."  The man page isn't exactly clear, but
>> > > here's what I've tried:
>> > >
>> > > filter_groups = dba
>> > > filter_groups= dba at fqdn
>> > >
>> > > In the [domain], [sssd] and [nss] sections of the config file.
>> > >
>> > > What's the right syntax?  Do I need it in every section?
>> > >
>> > Is it a local group or a central group?
>>
>> Where Dmitri's question is headed is that if dba is a local group (aka
>> stored in /etc/passwd), then the SSSD should be queried at all.
>               ^^^
>             /etc/group obviously

I figured. :)

The group "dba" is stored in IPA.  Here's a funny thing, though (short rundown):

Installed RHEL 6.3 on Satelite server, joined it to the domain.

Try to install Satellite: get the "Could not install database."

I try to filter out the group in IPA, try to install Satellite, get:
"The group 'dba' should exist."  This makes me think that the filter
is doing every "dba" not just dba on the IPA server.

I removed the Satellite server from IPA (ipa-client-install
--uninstall) and I get the same message (dba should exist.)

Fun stuff.

Now I'm re-installing RHEL so I can start from scratch, and I'll
attempt to install Satellite without joining it to the domain.  I'm
not fond of this option -- I don't want to have stand-alone machines
that I have to manage separately, that's why I installed IPA in the
first place.