Learn more about these different git repos.
Other Git URLs
There are more administrator users: id administrator @child1.sssdad.com and id administrator @sssdad.com.
sssd is joined to the child domain.
[sssd] config_file_version = 2 services = nss, pam domains = child1.sssdad.com [nss] default_shell = /bin/bash [domain/child1.sssdad.com] debug_level = 0xFFF0 id_provider = ad ad_domain = child1.sssdad.com cache_credentials = True krb5_store_password_if_offline = True use_fully_qualified_names = True fallback_homedir = /home/%d/%u
but user from root domain administrator @sssdad.com cannot be resolved. It might be cause by fact that user is stored in different domain
[root@ibm-x3650-03 sssd]# ldbsearch -H /var/lib/sss/db/cache_child1.sssdad.com.ldb "(name=Administrator)" ldb: unable to dlopen /usr/lib64/ldb/modules/ldb/memberof.la : /usr/lib64/ldb/modules/ldb/memberof.la: invalid ELF header asq: Unable to register control with rootdse! # record 1 dn: name=Administrator,cn=users,cn=child1.sssdad.com,cn=sysdb createTimestamp: 1437407347 fullName: Administrator gecos: Administrator gidNumber: 369600513 name: Administrator objectClass: user uidNumber: 369600500 objectSIDString: S-1-5-21-4212360905-986714573-1256250948-500 uniqueID: 16c36a5f-e2ec-49cd-a2ab-742b03d3adde originalDN: CN=Administrator,CN=Users,DC=child1,DC=sssdad,DC=com originalMemberOf: CN=Group Policy Creator Owners,CN=Users,DC=child1,DC=sssdad, DC=com originalMemberOf: CN=Domain Admins,CN=Users,DC=child1,DC=sssdad,DC=com originalMemberOf: CN=Administrators,CN=Builtin,DC=child1,DC=sssdad,DC=com originalModifyTimestamp: 20150718152922.0Z entryUSN: 768294 adUserAccountControl: 66048 nameAlias: administrator lastUpdate: 1437407347 dataExpireTimestamp: 1437412747 distinguishedName: name=Administrator,cn=users,cn=child1.sssdad.com,cn=sysdb # returned 1 records # 1 entries # 0 referrals
Fields changed
description: There are more administrator users: id administrator@child1.sssdad.com and id administrator@sssdad.com.
sssd is joined to the child domain. {{{ [sssd] config_file_version = 2 services = nss, pam domains = child1.sssdad.com
[nss] default_shell = /bin/bash
[domain/child1.sssdad.com] debug_level = 0xFFF0 id_provider = ad ad_domain = child1.sssdad.com cache_credentials = True krb5_store_password_if_offline = True use_fully_qualified_names = True fallback_homedir = /home/%d/%u }}}
but user from root domain '''administrator@sssdad.com''' cannot be resolved. It might be cause by fact that user is stored in different domain {{{ [root@ibm-x3650-03 sssd]# ldbsearch -H /var/lib/sss/db/cache_child1.sssdad.com.ldb "(name=Administrator)" ldb: unable to dlopen /usr/lib64/ldb/modules/ldb/memberof.la : /usr/lib64/ldb/modules/ldb/memberof.la: invalid ELF header asq: Unable to register control with rootdse!
dn: name=Administrator,cn=users,cn=child1.sssdad.com,cn=sysdb createTimestamp: 1437407347 fullName: Administrator gecos: Administrator gidNumber: 369600513 name: Administrator objectClass: user uidNumber: 369600500 objectSIDString: S-1-5-21-4212360905-986714573-1256250948-500 uniqueID: 16c36a5f-e2ec-49cd-a2ab-742b03d3adde originalDN: CN=Administrator,CN=Users,DC=child1,DC=sssdad,DC=com originalMemberOf: CN=Group Policy Creator Owners,CN=Users,DC=child1,DC=sssdad, DC=com originalMemberOf: CN=Domain Admins,CN=Users,DC=child1,DC=sssdad,DC=com originalMemberOf: CN=Administrators,CN=Builtin,DC=child1,DC=sssdad,DC=com originalModifyTimestamp: 20150718152922.0Z entryUSN: 768294 adUserAccountControl: 66048 nameAlias: administrator lastUpdate: 1437407347 dataExpireTimestamp: 1437412747 distinguishedName: name=Administrator,cn=users,cn=child1.sssdad.com,cn=sysdb
}}} => There are more administrator users: id ''administrator @child1.sssdad.com'' and id ''administrator @sssdad.com''.
but user from root domain ''administrator @sssdad.com'' cannot be resolved. It might be cause by fact that user is stored in different domain {{{ [root@ibm-x3650-03 sssd]# ldbsearch -H /var/lib/sss/db/cache_child1.sssdad.com.ldb "(name=Administrator)" ldb: unable to dlopen /usr/lib64/ldb/modules/ldb/memberof.la : /usr/lib64/ldb/modules/ldb/memberof.la: invalid ELF header asq: Unable to register control with rootdse!
}}}
ldap_child.log ldap_child.log
domain log sssd_child1.sssdad.com.log
It worked for me on sssd-1.13.0. So I "git bisect" it. the first problematic commit is b9e74a7
commit b9e74a747b8f1012bba3575f3e4289ef4877d64a Author: Jakub Hrozek <jhrozek@redhat.com> Date: Wed Jun 17 16:13:51 2015 +0200 LDAP: Add the wildcard_limit option Related: https://fedorahosted.org/sssd/ticket/2553 Adds a new wildcard_limit option that is set by default to 1000 (one page). This option limits the number of entries that can by default be returned by a wildcard search. Reviewed-by: Pavel Březina <pbrezina@redhat.com> }}}
owner: somebody => jhrozek status: new => assigned
patch: 0 => 1
rhbz: => 0
milestone: NEEDS_TRIAGE => SSSD 1.13.1
rhbz: 0 =>
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1263735
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1263735 1263735]
resolution: => fixed status: assigned => closed
Metadata Update from @lslebodn: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.13.1
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3764
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.