Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1211714
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Here is the most interesting part of log file [be_get_account_info] (0x0100): Got request for [4097][1][name=hdpadmin] [be_req_set_domain] (0x0400): Changing request domain from [SUB.EXAMPLE.TEST] to [SUB.EXAMPLE.TEST] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)] [sdap_id_op_connect_step] (0x4000): reusing cached connection [sdap_search_user_next_base] (0x0400): Searching for users with base [DC=sub,DC=EXAMPLE,DC=TEST] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=hdpadmin)(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][DC=sub,DC=EXAMPLE,DC=TEST]. [sdap_search_user_process] (0x0400): Search for users, returned 0 results. [sdap_get_users_done] (0x0040): Failed to retrieve users I can see: * request for user hdpadmin (getpwnam) * there is a problem with parsing domain SID. It is null, but I don't know why. * we try to find POSIX attributes in ldap because there was problem with id mapping. Of course it did not find anything. There was an error: [sssd[be[SUB.EXAMPLE.TEST]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot find KDC for requested realm)] The proposed workaround for disabling subdomains should have fixed it. "subdomains_provider = none" However there is bug in sssd that id mapping does not work correctly with disabled subdomains. I tried to manually configure ldap_idmap_default_domain and ldap_idmap_default_domain_sid but it fix id mapping just partially. It works just for users which have POSIX attributes. >calling ldap_search_ext with [(&(sAMAccountName=hdpadmin)(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][DC=sub,DC=EXAMPLE,DC=TEST].
Fields changed
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 owner: somebody => lslebodn patch: 0 => 1 review: True => 0 selected: => status: new => assigned testsupdated: => 0
milestone: NEEDS_TRIAGE => SSSD 1.12.5
resolution: => fixed status: assigned => closed
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1221358 (Red Hat Enterprise Linux 6)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1211714 1211714] => [https://bugzilla.redhat.com/show_bug.cgi?id=1211714 1211714], [https://bugzilla.redhat.com/show_bug.cgi?id=1221358 1221358]
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1268874 (Red Hat Enterprise Linux 6)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1211714 1211714], [https://bugzilla.redhat.com/show_bug.cgi?id=1221358 1221358] => [https://bugzilla.redhat.com/show_bug.cgi?id=1211714 1211714], [https://bugzilla.redhat.com/show_bug.cgi?id=1221358 1221358], [https://bugzilla.redhat.com/show_bug.cgi?id=1268874 1268874]
Metadata Update from @lslebodn: - Issue assigned to lslebodn - Issue set to the milestone: SSSD 1.12.5
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3676
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.