Hi Pavel
There is one link that I had found; it is basically a forum in which it is
mentioned that sssd can also work with TLS.
Thanks And Regards
Nitesh
On Fri, Nov 11, 2011 at 1:32 PM, Nitesh Mehare <nitesh26(a)gmail.com> wrote:
Hi Greg
Thanks for the quick response
I have checked the output of ldapsearch
The output of the ldapsearch command for the user
-bash-3.2# /usr/bin/ldapsearch -h server.com -p 389 -x -b ou=People,o=sample "(&(uid=nitinst)(objectclass=posixAccount))" objectclass
# extended LDIF
#
# LDAPv3
# base <ou=People,o=sample> with scope subtree
# filter: (&(uid=nitinst)(objectclass=posixAccount))
# requesting: objectclass
#
# nitinst, People, sample
dn: uid=nitinst,ou=People,o=sample
objectclass: posixaccount
objectclass: shadowaccount
objectclass: account
objectclass: top
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
-bash-3.2#
Thanks And Regards
Nitesh
On Fri, Nov 11, 2011 at 12:57 PM, <Greg.Lehmann(a)csiro.au> wrote:
> I have no experience with straight LDAP, but do with Active Directory
> LDAP. Sorting out the problems does have some overlap. Have you used the
> ldapsearch command to make sure your LDAP server is returning what you
> would expect? E.g.
>
> ldapsearch -H ldap://server.domain.com -b "dc=domain,dc=com" -D "browseid(a)domain.com" -W -L "(&(sAMAccountNAME=fred)(objectClass=user))"
>
> *From:* sssd-devel-bounces(a)lists.fedorahosted.org [mailto:
> sssd-devel-bounces(a)lists.fedorahosted.org] *On Behalf Of *Nitesh Mehare
> *Sent:* Friday, 11 November 2011 4:33 PM
> *To:* sssd-devel(a)lists.fedorahosted.org
> *Subject:* [SSSD] SSSD Configuration issue
>
> Hello
>
> I'm configuring SSSD for the first time. I'm trying to set up the machine
> to authenticate using ldap server using sssd. The machine configuration is
> as follows
>
> bash-3.2# uname -a
> Linux bagira.in.ibm.com 2.6.18-238.el5 #1 SMP Sun Dec 19 14:22:44 EST 2010 x86_64 x86_64 x86_64 GNU/Linux
> bash-3.2# cat /etc/issue
> Red Hat Enterprise Linux Server release 5.6 (Tikanga)
> Kernel \r on an \m
>
> bash-3.2#
>
> bash-3.2# rpm -qa |grep sssd
> sssd-1.2.1-39.el5
> sssd-client-1.2.1-39.el5
> bash-3.2#
>
>
> *I have modified sssd.conf file*
>
> bash-3.2# cat /etc/sssd/sssd.conf
> [sssd]
> config_file_version = 2
>
> # Number of times services should attempt to reconnect in the
> # event of a crash or restart before they give up
> reconnection_retries = 3
>
> # If a back end is particularly slow you can raise this timeout here
> sbus_timeout = 30
> services = nss, pam
>
> # SSSD will not start if you do not configure any domains.
> # Add new domain configurations as [domain/<NAME>] sections, and
> # then add the list of domains (in the order you want them to be
> # queried) to the "domains" attribute below and uncomment it.
> domains = LDAP
>
> [nss]
> # The following prevents SSSD from searching for the root user/group in
> # all domains (you can add here a comma-separated list of system accounts that
> # are always going to be /etc/passwd users, or that you want to filter out).
> filter_groups = root
> filter_users = root
> reconnection_retries = 3
>
> # The entry_cache_timeout indicates the number of seconds to retain an
> # entry in cache before it is considered stale and must block to refresh.
> # The entry_cache_nowait_timeout indicates the number of seconds to
> # wait before updating the cache out-of-band. (NSS requests will still
> # be returned from cache until the full entry_cache_timeout). Setting this
> # value to 0 turns this feature off (default).
> ; entry_cache_timeout = 600
> ; entry_cache_nowait_timeout = 300
>
> [pam]
> reconnection_retries = 3
>
> # Example domain configurations
> # Note that enabling enumeration in the following configurations will have a
> # moderate performance impact while enumerations are actually running, and
> # may increase the time necessary to detect network disconnection.
> # Consequently, the default value for enumeration is FALSE.
> # Refer to the sssd.conf man page for full details.
>
> # Example LOCAL domain that stores all users natively in the SSSD internal
> # directory. These local users and groups are not visible in /etc/passwd; it
> # now contains only root and system accounts.
> ; [domain/LOCAL]
> ; description = LOCAL Users domain
> ; id_provider = local
> ; enumerate = true
> ; min_id = 500
> ; max_id = 999
>
> # Example native LDAP domain
> # ldap_schema can be set to "rfc2307", which uses the "memberuid" attribute
> # for group membership, or to "rfc2307bis", which uses the "member" attribute
> # to denote group membership. Changes to this setting affect only how we
> # determine the groups a user belongs to and will have no negative effect on
> # data about the user itself. If you do not know this value, ask an
> # administrator.
> [domain/LDAP]
> debug_level = 9
> id_provider = ldap
> auth_provider = ldap
> ldap_schema = rfc2307
> access_provider = ldap
> ldap_access_filter = memberOf=cn=idsldap,ou=People,o=sample
> ldap_uri = ldap://lbullet.in.ibm.com
> ldap_search_base = ou=People,o=sample
> ldap_tls_reqcert = never
> cache_credentials = false
> enumerate = False
>
> # Example LDAP domain where the LDAP server is an Active Directory server.
>
> ; [domain/AD]
> ; description = LDAP domain with AD server
> ; enumerate = false
> ; min_id = 1000
> ;
> ; id_provider = ldap
> ; auth_provider = ldap
> ; ldap_uri = ldap://your.ad.server.com
> ; ldap_schema = rfc2307bis
> ; ldap_user_search_base = cn=users,dc=example,dc=com
> ; ldap_group_search_base = cn=users,dc=example,dc=com
> ; ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
> ; ldap_default_authtok_type = password
> ; ldap_default_authtok = YOUR_PASSWORD
> ; ldap_user_object_class = person
> ; ldap_user_name = msSFU30Name
> ; ldap_user_uid_number = msSFU30UidNumber
> ; ldap_user_gid_number = msSFU30GidNumber
> ; ldap_user_home_directory = msSFU30HomeDirectory
> ; ldap_user_shell = msSFU30LoginShell
> ; ldap_user_principal = userPrincipalName
> ; ldap_group_object_class = group
> ; ldap_group_name = msSFU30Name
> ; ldap_group_gid_number = msSFU30GidNumber
> ; ldap_force_upper_case_realm = True
> bash-3.2#
>
>
> *The system-auth file looks like this*
>
> bash-3.2# cat /etc/pam.d/system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth sufficient /lib64/security/pam_sss.so use_first_pass
> auth required pam_deny.so
>
> account required pam_unix.so
> account sufficient pam_localuser.so
> account sufficient pam_succeed_if.so uid < 500 quiet
> account [default=bad success=ok user_unknown=ignore] /lib64/security/pam_sss.so
> account required pam_permit.so
>
> password requisite pam_cracklib.so try_first_pass retry=3 type=
> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
> password sufficient /lib64/security/pam_sss.so use_authtok
> password required pam_deny.so
>
> session required pam_mkhomedir.so umask=0022 skel=/etc/skel/
> session optional pam_keyinit.so revoke
> session required pam_limits.so
> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session sufficient /lib64/security/pam_sss.so
> session required pam_unix.so
> bash-3.2#
>
>
>
>
> bash-3.2# cat /etc/nsswitch.conf
> #
> # /etc/nsswitch.conf
> #
> # An example Name Service Switch config file. This file should be
> # sorted with the most-used services at the beginning.
> #
> # The entry '[NOTFOUND=return]' means that the search for an
> # entry should stop if the search in the previous entry turned
> # up nothing. Note that if the search failed due to some other reason
> # (like no NIS server responding) then the search continues with the
> # next entry.
> #
> # Valid entries include:
> #
> # nisplus Use NIS+ (NIS version 3)
> # nis Use NIS (NIS version 2), also called YP
> # dns Use DNS (Domain Name Service)
> # files Use the local files
> # db Use the local database (.db) files
> # compat Use NIS on compat mode
> # hesiod Use Hesiod for user lookups
> # [NOTFOUND=return] Stop searching if not found so far
> #
>
> # To use db, put the "db" in front of "files" for entries you want to be
> # looked up first in the databases
> #
> # Example:
> #passwd: db files nisplus nis
> #shadow: db files nisplus nis
> #group: db files nisplus nis
>
> passwd: files sss
> shadow: files
> group: files sss
>
> #hosts: db files nisplus nis dns
> hosts: files dns
>
> # Example - obey only what nisplus tells us...
> #services: nisplus [NOTFOUND=return] files
> #networks: nisplus [NOTFOUND=return] files
> #protocols: nisplus [NOTFOUND=return] files
> #rpc: nisplus [NOTFOUND=return] files
> #ethers: nisplus [NOTFOUND=return] files
> #netmasks: nisplus [NOTFOUND=return] files
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers: files
> netmasks: files
> networks: files
> protocols: files
> rpc: files
> services: files
>
> netgroup: nisplus
>
> publickey: nisplus
>
> automount: files nisplus
> aliases: files nisplus
>
> bash-3.2#
>
> *The firewall and selinux are disabled*
>
>
> I have tried to look into the traces, which show the following
>
> *bash-3.2# tail -f /var/log/messages*
> Nov 11 09:15:58 bagira sssd: Starting up
> Nov 11 09:15:58 bagira sssd[be[LDAP]]: Starting up
> Nov 11 09:15:58 bagira sssd[nss]: Starting up
> Nov 11 09:15:58 bagira sssd[pam]: Starting up
>
>
>
>
>
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [be_get_account_info] (4):
> Got request for [4097][1][name=nitinst]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (6):
> calling ldap_search_ext with
> [(&(uid=nitinst)(objectclass=posixAccount))][ou=People,o=sample].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [objectClass]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [uid]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [userPassword]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [uidNumber]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [gidNumber]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [gecos]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [homeDirectory]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [loginShell]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [krbPrincipalName]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [cn]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [modifyTimestamp]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowLastChange]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowMin]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowMax]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowWarning]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowInactive]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowExpire]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowFlag]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [krbLastPwdChange]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [krbPasswordExpiration]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [pwdAttribute]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (8):
> ldap_search_ext called, msgid = 1126
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[0x85a14e0], ldap[0x858e9b0]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_parse_entry] (9):
> OriginalDN: [uid=nitinst,ou=People,o=sample].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[0x85a14e0], ldap[0x858e9b0]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: ldap_result found nothing!
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[0x85a14e0], ldap[0x858e9b0]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_done] (6):
> Search result: Success(0),
> *(Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_users_process]
> (6): Search for users, returned 1 results.*
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[(nil)], ldap[0x858e9b0]
> *(Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: ldap_result found nothing!*
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [ldb] (9): start ldb
> transaction (nesting: 0)
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (9):
> Save user
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (7):
> Adding original DN [uid=nitinst,ou=People,o=sample] to attributes of
> [nitinst].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (7):
> Original memberOf is not available for [nitinst].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (7):
> User principal is not available for [nitinst].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (9):
> Adding [shadowLastChange]=[15288] to user attributes.
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (6):
> Storing info for user nitinst
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_users_process]
> (9): User 0 processed!
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [ldb] (9): commit ldb
> transaction (nesting: 0)
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_users_done] (9):
> Saving 1 Users - Done
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [acctinfo_callback] (4):
> Request processed. Returned 0,0,Success
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus
> conn: 8589BA0
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9):
> Dispatching.
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sbus_message_handler] (9):
> Received SBUS method [getAccountInfo]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [be_get_account_info] (4):
> Got request for [4099][1][name=nitinst]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_initgr_send] (9):
> Retrieving info for initgroups call
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (6):
> calling ldap_search_ext with
> [(&(uid=nitinst)(objectclass=posixAccount))][ou=People,o=sample].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [objectClass]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [uid]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [userPassword]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [uidNumber]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [gidNumber]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [gecos]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [homeDirectory]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [loginShell]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [krbPrincipalName]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [cn]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [modifyTimestamp]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowLastChange]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowMin]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowMax]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowWarning]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowInactive]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowExpire]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [shadowFlag]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [krbLastPwdChange]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [krbPasswordExpiration]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [pwdAttribute]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (8):
> ldap_search_ext called, msgid = 1127
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[0x85a8a50], ldap[0x858e9b0]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_parse_entry] (9):
> OriginalDN: [uid=nitinst,ou=People,o=sample].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[0x85a8a50], ldap[0x858e9b0]
> *(Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: ldap_result found nothing!*
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[0x85a8a50], ldap[0x858e9b0]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_done] (6):
> Search result: Success(0),
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_initgr_user] (9):
> Receiving info for the user
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[(nil)], ldap[0x858e9b0]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: ldap_result found nothing!
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [ldb] (9): start ldb
> transaction (nesting: 0)
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_initgr_store] (9):
> Storing the user
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (9):
> Save user
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (7):
> Adding original DN [uid=nitinst,ou=People,o=sample] to attributes of
> [nitinst].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (7):
> Original memberOf is not available for [nitinst].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (7):
> User principal is not available for [nitinst].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (9):
> Adding [shadowLastChange]=[15288] to user attributes.
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_save_user_send] (6):
> Storing info for user nitinst
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_initgr_commit] (9):
> Commit change
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [ldb] (9): commit ldb
> transaction (nesting: 0)
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_initgr_process]
> (9): Process user's groups
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (6):
> calling ldap_search_ext with
> [(&(memberuid=nitinst)(objectclass=posixGroup))][ou=People,o=sample].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [objectClass]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [cn]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [userPassword]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [gidNumber]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [memberuid]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (7):
> Requesting attrs: [modifyTimestamp]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_send] (8):
> ldap_search_ext called, msgid = 1128
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[0x85a1770], ldap[0x858e9b0]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_parse_entry] (9):
> OriginalDN: [cn=idsldap,ou=People,o=sample].
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[0x85a1770], ldap[0x858e9b0]
> *(Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: ldap_result found nothing!*
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[0x85a1770], ldap[0x858e9b0]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_generic_done] (6):
> Search result: Success(0),
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: sh[0x858e7f0], connected[1], ops[(nil)], ldap[0x858e9b0]
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_process_result] (8):
> Trace: ldap_result found nothing!
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [ldb] (9): start ldb
> transaction (nesting: 0)
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [ldb] (9): commit ldb
> transaction (nesting: 0)
> (Fri Nov 11 10:20:30 2011) [sssd[be[LDAP]]] [sdap_get_initgr_done] (9):
> Initgroups done
>
>
>
> From the traces what I could figure out is once it returned the search
> result but still it gave the error *ldap_result found nothing!* even
> though the entry is present on the ldap server.
> Could you tell me if I'm missing any configuration step?
>
> Thanks
>
> _______________________________________________
> sssd-devel mailing list
> sssd-devel(a)lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel
>
>
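
Added example (not part of the thread and not SSSD project code): a small Python check for the two transport-security settings in the posted [domain/LDAP] section, ldap_tls_reqcert = never and a plain ldap:// URI, which is where the TLS remark at the top of the thread applies. Option names are those documented in the sssd-ldap man page; the two sample configs and the CA file path are constructed for illustration.

```python
import configparser

# ldap_tls_reqcert values that require a valid server certificate
# (sssd-ldap man page; "hard" is a synonym for "demand" and is the default).
STRICT_REQCERT = {"demand", "hard"}

# Constructed sample: the [domain/LDAP] transport settings posted in the thread.
POSTED_CONF = """\
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP

[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://lbullet.in.ibm.com
ldap_search_base = ou=People,o=sample
ldap_tls_reqcert = never
"""

# Constructed sample: same domain with TLS enforced. The CA file path is an
# assumption; point it at the CA that signed the LDAP server's certificate.
HARDENED_CONF = """\
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://lbullet.in.ibm.com
ldap_search_base = ou=People,o=sample
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ldap-ca.pem
"""


def audit_sssd_ldap(conf_text):
    """Return (domain, finding) tuples for weak LDAP transport settings."""
    # configparser already treats both '#' and ';' lines as comments.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        if "ldap" not in (dom.get("id_provider"), dom.get("auth_provider")):
            continue
        name = section.split("/", 1)[1]
        reqcert = dom.get("ldap_tls_reqcert", fallback="hard").strip().lower()
        if reqcert not in STRICT_REQCERT:
            findings.append((name, "ldap_tls_reqcert=%s: server certificate is "
                                   "not strictly verified" % reqcert))
        uris = [u.strip().lower() for u in dom.get("ldap_uri", fallback="").split(",")]
        start_tls = dom.get("ldap_id_use_start_tls", fallback="false").strip().lower()
        if any(u.startswith("ldap://") for u in uris) and start_tls != "true":
            findings.append((name, "ldap:// without ldap_id_use_start_tls: "
                                   "identity lookups are sent in cleartext"))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_sssd_ldap(text) or "no findings")
```

Run it against a copy of /etc/sssd/sssd.conf by passing the file's text to audit_sssd_ldap(); the check reads settings only and does not contact the LDAP server.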