PackedUp

Reputation: 391

RHEL6 LDAP client not listing all the groups

Using sssd, I have a RHEL6 client configured to log in using ldaps. The login works, but if the logged-in user is assigned to more than one group at the LDAP level, groups only returns one group. Could I be missing a configuration somewhere?
The group shown is the default group assigned to the user. On a RHEL5 client, the groups command displays all the groups that are assigned to the user.

Upvotes: 1

Views: 3574

Answers (2)

PackedUp

Reputation: 391

I was able to spend some time today and was able to fix the issue. RHEL 6 uses sssd. The configuration file /etc/sssd/sssd.conf had to be changed to have the following in the domain/default section

ldap_search_base = dc=domain,dc=something,dc=com
ldap_group_member = uniquemember

These are the changes that were missing from the default config.

[domain/default]
# never = accept any server certificate, so the ldaps:// transport can be
# impersonated; demand/hard verifies it against ldap_tls_cacertdir
ldap_tls_reqcert = never
auth_provider = ldap
# rfc2307bis: group members are stored as full DNs (member/uniqueMember),
# not as bare usernames in memberUid as with plain rfc2307
ldap_schema = rfc2307bis
krb5_realm = EXAMPLE.COM
ldap_search_base = dc=domain,dc=something,dc=com
# attribute SSSD reads to expand group membership; must match the directory
ldap_group_member = uniquemember
id_provider = ldap
ldap_id_use_start_tls = False
chpass_provider = ldap
ldap_uri = ldaps://yourldap.server.com/
ldap_chpass_uri = ldaps://yourldap.server.com/
krb5_kdcip = kerberos.example.com
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
entry_cache_timeout = 600
ldap_network_timeout = 3
ldap_access_filter = (&(objectclass=shadowaccount)(objectclass=posixaccount))

Upvotes: 1

jhrozek

Reputation: 59

In general the things to check are:

1) Is the LDAP schema the one you want to use? (RFC2307 vs RFC2307bis). The former stores the plain username in the "memberuid" attribute, the latter (used by AD for instance) stores the full DN in the "member" attribute.

2) Are the search bases set correctly?

If you can paste the RHEL6 and RHEL5 config files for comparison, that would be great. Feel free to sanitize/remove info like bind DNs, passwords or URIs.

Upvotes: 1
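The following script is an added example, not code from either answer or from the SSSD project. It turns the two checks above (which group schema the directory uses, and whether the search base and member attribute match it) into something you can run against an ldapsearch dump before touching sssd.conf: it detects memberUid versus member/uniqueMember, lists the groups a given user would resolve to, and prints a [domain/default] fragment that keeps certificate checking on instead of the ldap_tls_reqcert = never from the first answer. The LDIF samples are constructed; the search base and server name are the placeholders used in the thread, and the ldapsearch command in the header comment is the assumed source of the dump. The heuristic prefers DN-valued membership when both styles are present.

```shell
#!/bin/sh
# Added example, not code from the thread or from SSSD: work out which
# group-membership schema a directory uses from an ldapsearch LDIF dump,
# list a user's groups the way SSSD would see them, and emit matching
# [domain/default] settings. Assumed: the dump comes from a command like
#   ldapsearch -x -H ldaps://yourldap.server.com/ \
#     -b dc=domain,dc=something,dc=com \
#     '(|(objectClass=posixGroup)(objectClass=groupOfUniqueNames)(objectClass=groupOfNames))' \
#     memberUid member uniqueMember
# Attribute values are plain (no base64 "::" lines) and DNs are compared
# byte-for-byte, which is stricter than LDAP's own matching rules.

# Constructed sample: RFC2307bis-style groups holding full member DNs.
SAMPLE_LDIF='dn: cn=developers,ou=Groups,dc=domain,dc=something,dc=com
objectClass: posixGroup
objectClass: groupOfUniqueNames
cn: developers
gidNumber: 5000
uniqueMember: uid=alice,ou=People,dc=domain,dc=something,dc=com
uniqueMember: uid=bob,ou=People,dc=domain,dc=something,dc=com

dn: cn=ops,ou=Groups,dc=domain,dc=something,dc=com
objectClass: posixGroup
objectClass: groupOfUniqueNames
cn: ops
gidNumber: 5001
uniqueMember: uid=alice,ou=People,dc=domain,dc=something,dc=com
'

# Constructed sample: plain RFC2307 groups holding bare usernames.
SAMPLE_LDIF_RFC2307='dn: cn=developers,ou=Groups,dc=domain,dc=something,dc=com
objectClass: posixGroup
cn: developers
gidNumber: 5000
memberUid: alice
memberUid: bob
'

# count_attr LDIF ATTR: number of LDIF lines carrying ATTR (name case-insensitive)
count_attr() {
    printf '%s\n' "$1" | grep -ic "^$2:" || true
}

# group_schema LDIF: print "<ldap_schema> <ldap_group_member>" for the dump.
# DN-valued membership wins when both styles are present, since that is the
# attribute SSSD must follow to see the user's secondary groups.
group_schema() {
    if [ "$(count_attr "$1" uniqueMember)" -gt 0 ]; then
        echo "rfc2307bis uniqueMember"
    elif [ "$(count_attr "$1" member)" -gt 0 ]; then
        echo "rfc2307bis member"
    elif [ "$(count_attr "$1" memberUid)" -gt 0 ]; then
        echo "rfc2307 memberUid"
    else
        echo "no group membership attribute found" >&2
        return 1
    fi
}

# groups_of LDIF VALUE: cn of every group whose memberUid, member or
# uniqueMember equals VALUE (a username for RFC2307, a DN for RFC2307bis).
groups_of() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^cn: / { cn = substr($0, 5) }
        tolower($0) ~ /^(memberuid|member|uniquemember): / {
            val = $0; sub(/^[^:]*: */, "", val)
            if (val == want) hit = 1
        }
        /^$/ { if (hit && cn != "") print cn; cn = ""; hit = 0 }
        END  { if (hit && cn != "") print cn }
    '
}

# sssd_domain_config LDIF SEARCH_BASE URI: [domain/default] fragment that
# matches the directory, with server certificate checking kept on.
sssd_domain_config() {
    schema=$(group_schema "$1") || return 1
    cat <<EOF
[domain/default]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = $3
ldap_search_base = $2
ldap_schema = ${schema%% *}
ldap_group_member = ${schema#* }
# "demand" rejects unverifiable server certificates; "never" lets any host
# that answers on port 636 impersonate the directory and collect credentials.
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
cache_credentials = True
EOF
}

# Stand-alone run against the constructed sample
group_schema "$SAMPLE_LDIF"
groups_of "$SAMPLE_LDIF" "uid=alice,ou=People,dc=domain,dc=something,dc=com"
sssd_domain_config "$SAMPLE_LDIF" "dc=domain,dc=something,dc=com" "ldaps://yourldap.server.com/"
```

Feed a real dump in place of SAMPLE_LDIF; if groups_of lists more groups for the user than id or groups does on the client, the mismatch is in ldap_schema, ldap_group_member or ldap_search_base rather than in the directory. After editing sssd.conf, restart sssd and clear the cache (sss_cache -E), otherwise the old one-group answer can be served from entry_cache_timeout for another few minutes.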
