On 24.02.2017 14:55, Bernard Fay wrote:
Hi,
I removed a user from an LDAP group about a week ago. Today, this user still shows as member of the group with the Linux command groups. Also, the group (Administrators) appears twice in the output of the command id:

    uid=10000(username) gid=10000(Administrators) groups=10001(users),10005(devel),10011(video),10015(ansible),10000(Administrators)
Can you please let us know about your nss configuration, /etc/nsswitch.conf? IMHO it looks OK that Administrators is the primary group and also in the groups enumeration.
The command getent though shows the proper group assignation:

    getent group | grep username | cut -d: -f1
    users
    devel
    video
    ansible
All of those groups are LDAP groups.
Does someone know why and would know how to fix this?
You can't find primary groups for a user with your command, grepping through "getent group". In modern systems, aka sssd, it is not a good idea, because enumeration is by default set to false.
best regards
Michael
Thanks,
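
Added example, not part of the original thread: a shell sketch of why grepping the member lists in "getent group" output never shows a user's primary group, which comes from the GID field of the passwd entry. The passwd and group lines are constructed sample data reusing the IDs quoted in the post, and the empty Administrators member list is an assumption.

```shell
#!/bin/sh
# Constructed sample data (assumption, not taken from a real directory):
# one passwd entry and group entries in getent/NSS format.
PASSWD_LINE='username:*:10000:10000:Example User:/home/username:/bin/bash'
GROUP_DB='Administrators:*:10000:
users:*:10001:username
devel:*:10005:username
video:*:10011:username
ansible:*:10015:username'

# Primary group: resolve the GID in field 4 of the passwd entry against the
# group database. The user does not have to appear in that group's member list.
primary_group() {
    gid=$(printf '%s\n' "$1" | cut -d: -f4)
    printf '%s\n' "$2" | awk -F: -v gid="$gid" '$3 == gid { print $1 }'
}

# Supplementary groups: exact match on the comma-separated member list
# (field 4) instead of a substring grep over the whole line.
supplementary_groups() {
    user=$(printf '%s\n' "$1" | cut -d: -f1)
    printf '%s\n' "$2" | awk -F: -v user="$user" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == user) { print $1; break }
    }'
}

# The pipeline from the post: it only ever sees member lists.
grep_view() {
    user=$(printf '%s\n' "$1" | cut -d: -f1)
    printf '%s\n' "$2" | grep "$user" | cut -d: -f1
}

echo "primary:       $(primary_group "$PASSWD_LINE" "$GROUP_DB")"
echo "supplementary: $(supplementary_groups "$PASSWD_LINE" "$GROUP_DB" | tr '\n' ' ')"
echo "grep view:     $(grep_view "$PASSWD_LINE" "$GROUP_DB" | tr '\n' ' ')"
```

On a live system the same two lookups are "getent passwd username" and "getent group 10000"; both are keyed queries, so they do not depend on enumeration being enabled.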