#2662 REGRESSION: Malformed ldap filter when looking up trusted domains
Closed: Invalid None Opened 8 years ago by lslebodn.

It was caught as part of a regression test for ticket #2311.

I assume it is related to the latest changes to referral.

{{{
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=trustedDomain)(trustType=2)(!(msDS-TrustForestTrustInfo=*))(cn=(null)))][DC=sssdad2012,DC=com].
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [flatName]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [trustPartner]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [securityIdentifier]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [trustType]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [trustAttributes]
[sdap_get_generic_ext_step] (0x0080): ldap_search_ext failed: Bad search filter
[generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [1432158239]: Malformed search filter
[ad_subdomains_get_root_domain_done] (0x0040): sdap_get_generic_send request failed.
[sdap_id_op_destroy] (0x4000): releasing operation connection
[sdap_process_result] (0x2000): Trace: sh[0x1de97570], connected[1], ops[0x1dfadde0], ldap[0x1de97f90]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!
[sdap_process_result] (0x2000): Trace: sh[0x1de97570], connected[1], ops[0x1dfadde0], ldap[0x1de97f90]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
[sdap_op_destructor] (0x2000): Operation 13 finished
[ad_master_domain_netlogon_done] (0x0080): No netlogon data available. Flat name might not be usable
[ad_subdomains_master_dom_done] (0x0400): SSSD needs to look up the forest root domain
[sdap_print_server] (0x2000): Searching 10.12.0.157
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=trustedDomain)(trustType=2)(!(msDS-TrustForestTrustInfo=*))(cn=(null)))][DC=sssdad2012,DC=com].
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [flatName]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [trustPartner]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [securityIdentifier]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [trustType]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [trustAttributes]
[sdap_get_generic_ext_step] (0x0080): ldap_search_ext failed: Bad search filter
[generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [1432158239]: Malformed search filter
[ad_subdomains_get_root_domain_done] (0x0040): sdap_get_generic_send request failed.
}}}

Template for sssd.conf:

{{{
[sssd]
config_file_version = 2
services = nss, pam
domains = sssdad2012.com
user =

[nss]
filter_groups = root
filter_users = root
default_shell = /bin/bash
override_homedir = /home/%u

[domain/sssdad2012.com]
id_provider = ad
cache_credentials = True
full_name_format = %2$s\%1$s
krb5_store_password_if_offline = True
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u

ad_domain=junk
ad_server=ad.sssdad2012.com
}}}

Fields changed

summary: REGRESSION: Malformed ldap filter when looking up trusted dmains. => REGRESSION: Malformed ldap filter when looking up trusted domains

Replying to [ticket:2662 lslebodn]:

{{{
ad_domain=junk
}}}

Bad configuration. This breaks several queries against AD.

That being said, this did reveal a potential issue with Samba 4 DCs (they don't return anything for the cldap PING netlogon search either). So we do need to handle that case better, but it needs to be a separate enhancement.

resolution: => invalid
status: new => closed
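
The `cn=(null)` in the logged filter matches what glibc's printf-family functions emit for a NULL `%s` argument, and its unescaped parentheses are what make the filter unparsable. As an added example (not SSSD code; the filter template is reconstructed from the log line above and `build_forest_root_filter` is a hypothetical helper), this refuses to build the filter when the forest name is unset and escapes the value per RFC 4515:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: template reconstructed from the log line, not from SSSD sources. */
#define TRUSTED_DOM_FMT \
    "(&(objectclass=trustedDomain)(trustType=2)" \
    "(!(msDS-TrustForestTrustInfo=*))(cn=%s))"

/* RFC 4515 escaping: '*', '(', ')' and '\' become \2a, \28, \29, \5c.
 * Returns a malloc'd string, or NULL on NULL input / allocation failure. */
char *ldap_filter_escape(const char *in)
{
    if (in == NULL) return NULL;
    char *out = malloc(strlen(in) * 3 + 1);  /* worst case: every byte escaped */
    if (out == NULL) return NULL;
    char *p = out;
    for (; *in != '\0'; in++) {
        if (strchr("*()\\", *in) != NULL)
            p += sprintf(p, "\\%02x", (unsigned)(unsigned char)*in);
        else
            *p++ = *in;
    }
    *p = '\0';
    return out;
}

/* Hypothetical helper: returns NULL instead of formatting an unset forest name. */
char *build_forest_root_filter(const char *forest)
{
    if (forest == NULL || forest[0] == '\0') return NULL;
    char *esc = ldap_filter_escape(forest);
    if (esc == NULL) return NULL;
    size_t n = strlen(TRUSTED_DOM_FMT) + strlen(esc) + 1;
    char *filter = malloc(n);
    if (filter != NULL) snprintf(filter, n, TRUSTED_DOM_FMT, esc);
    free(esc);
    return filter;
}

int main(void)
{
    const char *inputs[] = { NULL, "sssdad2012.com", "(null)" }; /* constructed */
    for (size_t i = 0; i < 3; i++) {
        char *f = build_forest_root_filter(inputs[i]);
        puts(f ? f : "refused: forest name not set");
        free(f);
    }
    return 0;
}
```

The caller treats a NULL return as "forest name unknown" and skips the search, rather than sending a filter the LDAP library will reject.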

Metadata Update from @lslebodn:
- Issue set to the milestone: NEEDS_TRIAGE

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3703

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
