Learn more about these different git repos.
Other Git URLs
Description[[BR]] With two LDAP domains configured, one native and one proxy, the users from the first domain are returned twice and the users from the second domain are not returned.[[BR]]
Configuration[[BR]] sssd.conf:[[BR]]
[services] description = Local Service Configuration activeServices = nss, pam reconnection_retries = 3 [services/nss] description = NSS Responder Configuration filterGroups = root filterUsers = root debug-level = 4 [services/dp] description = Data Provider Configuration debug-level = 4 [services/pam] description = PAM Responder Configuration [services/monitor] description = Service Monitor Configuration [domains] description = Domains served by SSSD domains = EXAMPLE.COM,BOS.REDHAT.COM [domains/EXAMPLE.COM] description = Request to our EXAMPLE.COM LDAP server enumerate = TRUE minId = 1000 maxId = 1010 useFullyQualifiedNames = TRUE cache-credentials = FALSE provider = ldap ldapUri = ldap://jennyv4.bos.redhat.com:389 userSearchBase = ou=people,dc=example,dc=com groupSearchBase = ou=groups,dc=example,dc=com [domains/BOS.REDHAT.COM] description = Request to our BOS.REDHAT.COM LDAP server enumerate = TRUE useFullyQualifiedNames = TRUE cache-credentials = FALSE provider = proxy libName = ldap libPath = libnss_ldap.so.2
ldap.conf:[[BR]]
uri ldap://jennyv4.bos.redhat.com:389 ssl no base dc=example,dc=com
The following is returned for user search:[[BR]]
[root@jennyF11 ~]# getent -s sss passwd puser1@EXAMPLE.COM:x:1001:1001::/export/puser1: puser2@EXAMPLE.COM:x:1002:1002::/export/puser2: puser1@BOS.REDHAT.COM:x:1001:1001:Posix User1:/export/puser1: puser2@BOS.REDHAT.COM:x:1002:1002:Posix User2:/export/puser2: puser4@BOS.REDHAT.COM:x:1011:1011:Posix User4:/export/puser4:
The following is returned for a group search [[BR]]
[root@jennyF11 ~]# getent -s sss group Duplicate@EXAMPLE.COM:x:1010: Group1@EXAMPLE.COM:x:1001: Group2@EXAMPLE.COM:x:1002: Duplicate@BOS.REDHAT.COM:x:1010: Group1@BOS.REDHAT.COM:x:1001: Group2@BOS.REDHAT.COM:x:1002: Group4@BOS.REDHAT.COM:x:1011:
Expected users "user2000@BOS.REDHAT.COM" and "user2009@BOS.REDHAT.COM" from the second domain.[[BR]] Expected groups "group2000@BOS.REDHAT.COM" and "Duplicate@BOS.REDHAT.COM" from the second domain.
Fields changed
owner: somebody => sgallagh status: new => assigned
This is a configuration bug. You have both domains pointing at the same LDAP server, though one has a less restrictive id range specified.
resolution: => invalid status: assigned => closed
rhbz: => 0
Metadata Update from @jgalipea: - Issue assigned to sgallagh - Issue set to the milestone: SSSD 0.6.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1228
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.