IV69953: DOMAINLESS=TRUE MAY CAUSE LDAP USER TO BELONG TO 'SYSTEM' GROUP APPLIES TO AIX 7100-03
A fix is available
Closed as program error.
After turning on domainless groups (chsec -f /etc/secvars.cfg -s groups -a domainlessgroups=true), you might see that an LDAP user is listed by lsuser as belonging to the 'system' group, when they do not actually have membership to that group.
WORKAROUND: ensure there is a mapping for the 'pgid' attribute in your user map file, such as: pgid SEC_INT gidnumber s na yes
After turning on domainless groups (chsec -f /etc/secvars.cfg -s groups -a domainlessgroups=true), user might see that an LDAP user is listed by lsuser as belongs to the 'system' group, when they do not actually have membership to that group.
The group information is parsed properly when domainlessgroup attribute is defined.
6100-09 - use AIX APAR IV69226 7100-03 - use AIX APAR IV69953
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels
R710 PSY U869596
UP15/05/20 I 1000
More support for:
AIX Enterprise Edition
Software version: 710
Operating system(s): AIX
Reference #: IV69953
Modified date: 22 May 2015