problems with sssd and F13

I'm trying to set up sssd with ldap backup and I have a strange problem.

Here is my sssd.conf file:

[sssd]
config_file_version = 2
# Number of times services should attempt to reconnect in the
# event of a crash or restart before they give up
reconnection_retries = 3
# if a backend is particularly slow you can raise this timeout here
sbus_timeout = 30
services = nss, pam

domains = default
[nss]
# the following prevents sssd from searching for the root user/group in
# all domains (you can add here a comma separated list of system accounts that are
# always going to be /etc/passwd users, or that you want to filter out)
filter_groups = root
filter_users = root
reconnection_retries = 3


[pam]
reconnection_retries = 3


[domain/default]
ldap_id_use_start_tls = False
cache_credentials = True
auth_provider = ldap
debug_level = 9
ldap_search_base = dc=int-evry,dc=fr
ldap_user_search_base = ou=People,dc=int-evry,dc=fr
chpass_provider = ldap
id_provider = ldap
min_id = 1000
ldap_uri = ldap://ldap1.int-evry.fr
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_default_bind_dn = cn=mcibind,ou=system,dc=int-evry,dc=fr
ldap_default_authtok_type = password
ldap_default_authtok = xxxxxxxxx
ldap_schema = rfc2307
ldap_tls_reqcert = never

I put the log level at max.
If I type
id gaboret
I get user not found.

But if I launch the command
ldapsearch -x uid=gaboret -h ldap1.int-evry.fr -b dc=int-evry,dc=fr -D cn=mcibind,ou=system,dc=int-evry,dc=fr -W
I find my user:

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=int-evry,dc=fr> with scope subtree
# filter: uid=gaboret
# requesting: ALL
#

# gaboret, People, int-evry.fr
dn: uid=gaboret,ou=People,dc=int-evry,dc=fr
mailRoutingAddress: email@email
IntEPersCreationDate: 2003/11/26-14:13:34
IntEEleveID: XXXXX
o: INT Evry FRANCE
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: IntE-user
objectClass: labeledURIObject
objectClass: top
objectClass: shadowAccount
objectClass: supannPerson
objectClass: eduPerson
shadowLastChange: 10000
postalCode: 91011 EVRY CEDEX
postalAddress: 9 rue Charles Fourier
homePostalAddress: xx xxx
IntEPersInetServDemande: unix-int mail-int ras-int
IntEPersACLDroit: telephoneNumber homePostalAddress
IntEPersUserPasswordFlag: FALSE
IntEPersUserShell: tcsh
mailHost: smtp-mci
sn: GABORET
IntEPersUserLogin: gaboret
IntEPersUserMailLogin: gaboret
IntEPersUserUid: 14521
IntEPersUserSmtp: smtp-mci
IntEPersUserMX: mci-lmtp
IntEPersUserEmail: Christophe.Gaboret
IntEPersUserEntite: MCI
IntEPersUserQuota: 50000
IntEPersUserNom: GABORET
IntEPersUserParrain: eric.collery
IntEPersUserExpire: 2999/12/31
IntEPersUserGroup: mci
IntEPersUserNature: permanent
givenName: Christophe
IntEPersUserPTM: mci
IntEPersUserPrenom: Christophe
IntEPersUserGecos: Christophe GABORET
IntEPersUserMbox: pop-mci
gecos: Christophe GABORET
loginShell: /usr/local/bin/tcsh
cn: Christophe GABORET
IntEPersLastModificationDate: 2003/12/01-11:12:33
uid: gaboret
uidNumber: 14521
gidNumber: 145
homeDirectory: /mci/mci/gaboret
telephoneNumber: +33160764540
facsimileTelephoneNumber: +33160764321
departmentNumber: S2IA
codeBib: 5276
employeeType: PERMANENT
jpegPhoto:: /9j/4AAQSkZJRgABAQEASABIAAD//gAIV0FORzIC
roomNumber: B001-02
supannEtuId: XXXXX
supannOrganisme: INT EVRY 0911781S
supannAffectation: S2IA
supannCodeINE: XXXXX
supannParrainDN: uid=gaboret,ou=People,dc=int-evry,dc=fr
eduPersonAffiliation: employee
eduPersonPrimaryAffiliation: employee
eduPersonNickname: Christophe
eduPersonOrgDN: o=GET-INT,dc=int-evry,dc=fr
eduPersonScopedAffiliation: employee@S2IA
supannCivilite: M.
displayName: Christophe GABORET
mailLocalAddress: Christophe.Gaboret@xxxxxxxxxxx
ou: S2IA
IntEPersUserLastPasswordChange: 2007/09/20-16:03:12
title:: UmVzcG9uc2FibGUgw6lxdWlwZSBJbmZyYXN0cnVjdHVyZSBTeXN0w6htZXMgZXQgUsOpc2
  VhdXg=
homePhone: +00000000
mail: Christophe.Gaboret@xxxxxxxxxxxxxx
eduPersonPrincipalName: Christophe.Gaboret@xxxxxxxxxxxxxx
IntEPersUserEtat: OK
labeledURI: http://www.it-sudparis.eu
IntEPersPublic: TRUE
supannListeRouge: FALSE
supannTypeEntite: servG
supannTypeEntite: RH
supannTypeEntite: s2ia-isr
IntEPersInetServ: unix-int mail-int ftp-intranet unix-admin ras-int twiki-S2IA
   unix-eph wpublic-int badge-int vpn-s2ia vpn-it vpn-remote admin-wifIT
eduPersonPrimaryOrgUnitDN: sn=S2IA,sn=DSS,sn=TMSP,ou=Structures,dc=int-evry,dc
  =fr
eduPersonOrgUnitDN: sn=S2IA,sn=DSS,sn=TMSP,ou=Structures,dc=int-evry,dc=fr
businessCategory:: UmVzcG9uc2FibGUgw6lxdWlwZSBJbmZyYXN0cnVjdHVyZSBTeXN0w6htZXM
  gZXQgUsOpc2VhdXg=
businessCategory:: SW5nw6luaWV1ciBzeXN0w6htZXMgZXQgcsOpc2VhdXg=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@rezo doutrele]#


In the debug log of sssd I have:
[root@b008-07 log]# more /tmp/toto
(Mon May 31 15:39:26 2010) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [ping]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sbus_dispatch] (9): dbus conn: 8C5D958
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sbus_dispatch] (9): Dispatching.
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sbus_message_handler] (9): Received SBUS method [getAccountInfo]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [be_get_account_info] (4): Got request for [4097][1][name=gaboret]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [(&(uid=gaboret)(objectclass=posixAccount))][ou=People,dc=int-evry,dc=fr].
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [objectClass]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [uid]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [userPassword]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [uidNumber]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [gidNumber]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [gecos]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [homeDirectory]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [loginShell]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [krbPrincipalName]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [cn]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [modifyTimestamp]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowLastChange]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowMin]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowMax]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowWarning]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowInactive]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowExpire]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [shadowFlag]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [krbLastPwdChange]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [krbPasswordExpiration]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (7): Requesting attrs: [pwdAttribute]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (8): ldap_search_ext called, msgid = 4
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_process_result] (8): Trace: sh[0x8c62180], connected[1], ops[0x8c6b5e8], ldap[0x8c615b8]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_parse_entry] (9): OriginalDN: [uid=gaboret,ou=People,dc=int-evry,dc=fr].
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_process_result] (8): Trace: sh[0x8c62180], connected[1], ops[0x8c6b5e8], ldap[0x8c615b8]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_done] (6): Search result: Success(0), (null)
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_users_process] (6): Search for users, returned 1 results.
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_process_result] (8): Trace: sh[0x8c62180], connected[1], ops[(nil)], ldap[0x8c615b8]
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_process_result] (8): Trace: ldap_result found nothing!
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [ldb] (9): start ldb transaction (nesting: 0)
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_save_user_send] (9): Save user
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_save_user_send] (2): User [gaboret] filtered out! (id out of range)
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_save_users_process] (2): Failed to store user 0. Ignoring.
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [ldb] (9): commit ldb transaction (nesting: 0)
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_users_done] (9): Saving 1 Users - Done


I don't have Kerberos.
Why is sssd looking for Kerberos attributes in LDAP?

thanks in advance for any help
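
Added example, not part of the original post: a short Python triage of a debug_level = 9 backend log in the format shown above. It rejoins terminal-wrapped lines, extracts the LDAP filter and base sssd actually sent, and keeps only the low-numbered messages. The function names `rejoin` and `triage` are hypothetical, and it assumes that a lower level number marks a more severe message.

```python
import re

# Header as it appears in the post: (date) [sssd[be[domain]]] [function] (level): message
# Assumption: a lower level number marks a more severe message, as the (2) lines suggest.
HEADER = re.compile(r"^\([A-Z][a-z]{2} [A-Z][a-z]{2} +\d+ [\d:]+ \d{4}\) "
                    r"\[sssd\S*\] \[(?P<func>\w+)\] \((?P<level>\d)\): ")

def rejoin(text):
    """Undo terminal hard-wrapping. A piece that fills the full width was cut
    mid-word; a shorter piece lost its trailing space at the wrap point."""
    lines = [l for l in text.splitlines() if l.strip()]
    width = max(map(len, lines), default=0)
    records, glue = [], ""
    for line in lines:
        if HEADER.match(line) or not records:
            records.append(line)
        else:
            records[-1] += glue + line
        glue = "" if len(line) == width else " "
    return records

def triage(text, max_level=2):
    """Return the LDAP (filter, base) sssd sent and the messages at or below max_level."""
    search, findings = None, []
    for rec in rejoin(text):
        m = HEADER.match(rec)
        if not m:
            continue
        msg = rec[m.end():]
        s = re.match(r"calling ldap_search_ext with \[(.*)\]\[(.*)\]\.$", msg)
        if s:
            search = s.groups()
        if int(m["level"]) <= max_level:
            findings.append((m["func"], int(m["level"]), msg))
    return search, findings

# Constructed sample: lines from the post, hard-wrapped at 106 columns as in the `more` output.
SAMPLE = """
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_generic_send] (6): calling ldap_search_ext with [
(&(uid=gaboret)(objectclass=posixAccount))][ou=People,dc=int-evry,dc=fr].
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_get_users_process] (6): Search for users, returned 1
results.
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_save_user_send] (2): User [gaboret] filtered out! (id
 out of range)
(Mon May 31 15:39:28 2010) [sssd[be[default]]] [sdap_save_users_process] (2): Failed to store user 0. Igno
ring.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the search line shows that the LDAP query itself succeeded against ou=People, and the two level-2 lines show that the entry was dropped afterwards, when sssd tried to save it.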