View Issue Details

IDProjectCategoryView StatusLast Update
0005013CentOS-6sssdpublic2011-07-28 16:32
Reporterco6user 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
Product Version6.0 
Target VersionFixed in Version 
Summary0005013: SSSD/NSS returns incomplete user account information
Description1. Configured SSSD with LDAP authentication.
2. To query for a user account, say John Doe, (uid is doe).

"getent passwd doe"

The result should be:

doe:*:1501:1501:John Doe:/home/doe:/bin/bash

But instead, above command returned:

doe:*:1501:1501::/home/doe:/bin/bash

which dropped the full name value for the account.


Additional InformationRelated packages installed:

sssd-1.2.1-28.el6_0.4.x86_64
sssd-client-1.2.1-28.el6_0.4.x86_64
openldap-clients-2.4.19-15.el6_0.2.x86_64
openldap-2.4.19-15.el6_0.2.x86_64
pam_ldap-185-5.el6.x86_64
nss-3.12.7-2.el6.x86_64
nss-util-3.12.8-1.el6_0.x86_64
nss-softokn-freebl-3.12.8-1.el6_0.x86_64
nss-softokn-3.12.8-1.el6_0.x86_64

sssd.conf as below:

[domain/LDAP]
id_provider = ldap
auth_provider = ldap
# ldap_schema = rfc2307
ldap_schema = rfc2307bis
ldap_uri = ldap://ldap1.example.com
ldap_search_base = dc=example,dc=com
ldap_id_use_start_tls = true
cache_credentials = true
chpass_provider = ldap
debug_level = 0
ldap_tls_cacertdir = /etc/openldap/cacerts
tls_reqcert = demand
enumerate = false
cache_credentials = true
ldap_search_timeout = 5
ldap_network_timeout = 5
ldap_opt_timeout = 5
TagsNo tags attached.

Activities

sgallagh

sgallagh

2011-07-28 11:26

reporter   ~0013058

This was ticket https://fedorahosted.org/sssd/ticket/703 upstream.

It has been fixed in the version of SSSD available in RHEL 6.1 (and therefore in CentOS 6.1 when it is released).

There is a simple workaround in the meantime. Set

ldap_user_gecos = cn

in the [domain/LDAP] section of sssd.conf
sgallagh

sgallagh

2011-07-28 13:05

reporter   ~0013059

Also, this will not take effect immediately. It will change when the cache expiration is reached for the affected entries.
sgao

sgao

2011-07-28 16:32

reporter   ~0013060

Thanks. The workaround fixed the problem.

Issue History

Date Modified Username Field Change
2011-07-27 22:00 co6user New Issue
2011-07-28 11:26 sgallagh Note Added: 0013058
2011-07-28 13:05 sgallagh Note Added: 0013059
2011-07-28 16:32 sgao Note Added: 0013060