View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0016140 | CentOS-7 | sssd | public | 2019-06-03 13:48 | 2019-06-03 14:00 |
| Reporter | jorbasm | ||||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | GNU/Linux | OS | CentOS | OS Version | 7.6.1810 |
| Product Version | 7.6.1810 | ||||
| Target Version | Fixed in Version | ||||
| Summary | 0016140: SSSD does not retrieve users when ldap_id_mapping = false | ||||
| Description | SSSD works well with AD until ldap_id_mapping = false. When set up this variable this way, this is the log obtained tail -f /var/log/sssd/sssd_company.local.log (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [sdap_op_destructor] (0x2000): Operation 15 finished (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [generic_ext_search_handler] (0x4000): Request included referrals which were ignored. (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [generic_ext_search_handler] (0x4000): Ref: ldap://ForestDnsZones.company.local/DC=ForestDnsZones,DC=company,DC=local (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [generic_ext_search_handler] (0x4000): Ref: ldap://DomainDnsZones.company.local/DC=DomainDnsZones,DC=company,DC=local (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [generic_ext_search_handler] (0x4000): Ref: ldap://company.local/CN=Configuration,DC=company,DC=local (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [sdap_search_user_process] (0x0400): Search for users, returned 0 results. (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [sdap_search_user_process] (0x2000): Retrieved total 0 users otherwise (Tue May 14 17:01:55 2019) [sssd[be[company.local]]] [sysdb_set_entry_attr] (0x0200): Entry [name=Certain Users@company.local,cn=groups,cn=company.local,cn=sysdb] has set [cache, ts_cache] attrs. (Tue May 14 17:01:55 2019) [sssd[be[company.local]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Tue May 14 17:01:55 2019) [sssd[be[company.local]]] [sdap_save_groups] (0x4000): Group 1 members processed! This is my the sssd config file, initially setup with realm join [sssd] domains = company.local config_file_version = 2 services = nss, pam full_name_format = %1$s [domain/company.local] ad_domain = company.local krb5_realm = COMPANY.LOCAL realmd_tags = manages-system joined-with-samba cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = false use_fully_qualified_names = false fallback_homedir = /home/%u access_provider = ad debug_level = 9 I'm trying to map uids to AD POSIX values to keep consistency in a heterogeneus environment with Windows and CentOS 7 boxes. I have a problem configuring the latest. sssd works well with AD until ldap_id_mapping = false. When set up this variable this way, this is the log obtained tail -f /var/log/sssd/sssd_company.local.log (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [sdap_op_destructor] (0x2000): Operation 15 finished (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [generic_ext_search_handler] (0x4000): Request included referrals which were ignored. (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [generic_ext_search_handler] (0x4000): Ref: ldap://ForestDnsZones.company.local/DC=ForestDnsZones,DC=company,DC=local (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [generic_ext_search_handler] (0x4000): Ref: ldap://DomainDnsZones.company.local/DC=DomainDnsZones,DC=company,DC=local (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [generic_ext_search_handler] (0x4000): Ref: ldap://company.local/CN=Configuration,DC=company,DC=local (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [sdap_search_user_process] (0x0400): Search for users, returned 0 results. (Tue May 14 16:42:08 2019) [sssd[be[company.local]]] [sdap_search_user_process] (0x2000): Retrieved total 0 users Otherwise (Tue May 14 17:01:55 2019) [sssd[be[company.local]]] [sysdb_set_entry_attr] (0x0200): Entry [name=Certain Users@company.local,cn=groups,cn=company.local,cn=sysdb] has set [cache, ts_cache] attrs. (Tue May 14 17:01:55 2019) [sssd[be[company.local]]] [ldb] (0x4000): commit ldb transaction (nesting: 2) (Tue May 14 17:01:55 2019) [sssd[be[company.local]]] [sdap_save_groups] (0x4000): Group 1 members processed! This is my the sssd config file, initially setup with realm join. [sssd] domains = company.local config_file_version = 2 services = nss, pam full_name_format = %1$s [domain/company.local] ad_domain = company.local krb5_realm = COMPANY.LOCAL realmd_tags = manages-system joined-with-samba cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = false use_fully_qualified_names = false fallback_homedir = /home/%u access_provider = ad debug_level = 9 Every time I change ldap_id_mapping value I empty the SSSD cache db sudo systemctl stop sssd sudo rm -rf /var/lib/sss/db/* sudo systemctl start sssd I thought I had to file a bug. Anyway, thanks in advance. | ||||
| Steps To Reproduce | vi /etc/sssd/sssd.conf ldap_id_mapping = false sudo systemctl stop sssd sudo rm -rf /var/lib/sss/db/* sudo systemctl start sssd su - someuser su: user someuser does not exist | ||||
| Tags | active directory | ||||
| abrt_hash | |||||
| URL | |||||
