On Mon, Mar 12, 2018 at 11:04 AM, Asif Iqbal <vadud3(a)gmail.com>
wrote:
>
>
> On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose <sbose(a)redhat.com> wrote:
>
>> On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote:
>> > I still like some help with any workaround in dealing with string.
>> >
>> > IT LDAP team do not have any attribute value with real number. Is it
>> > possible to create a local DB to map the mnetid to a real number and
>> then
>> > use that table as a reference for ID mapping? I am not sure if this
>> > discussion should be in developer mailing list.
>>
>> You might want to try local overrides, see man sss_override for details.
>>
>
> Let me read up on it real quick and explore that. What should I be looking
> for?
> How to override mnetid attribute value type from string to integer?
>
>
So I see 5% of current users have mnetid with leading 0.
So I never used sss_override. How do I use sss_override to make mnetid
004311
to work with sss when ldap id mapping tries to map 4311 instead?
Appreciate your help!
I haven't tested it with your setup but
sss_override user_add mwvande --uid 4311 --gid 4311
sss_override group_add mwvande --gid 4311
should create the needed override data so that user and group mwvande
can be looked up with the ID 4311.
HTH
bye,
Sumit
>
>
>> As an alternative you might want to try to enable enumeration. After the
>> initial enumeration run is done all users and groups are already in
>> SSSD's cache and lookups by id should work. But I'm not sure if
>> enumeration can handle you setup where user and groups are defined by
>> the same LDAP object.
>>
>>
> During initial setup, before this server was in production, I tried
> enumeration on
> and I think login were failing and it was doing ldap query for 2500 users
> and
> almost was not responding. So kind of risky to go that path, since most
> users'
> mnetd id do not have leading `0' and I might add more problem than
> solution :-)
>
>
>
>> Finally, if it is possible to remove the leading '0's from mnetid it
>> should work as well because then '(mnetid=4311)' would match as string
>> as well.
>>
>>
> I think I have the worst IT LDAP team. They will not change there schema
> and
> remove any leading 0s from mnetid.
>
> Might be little off-topic, but I am not sure if we could have a ldap sync
> all attributes
> to a local ldap server minus the mnetid and we populate that with numbers.
> Probably
> also add more work to address few user accounts with leading 0s
>
>
> bye,
>> Sumit
>>
>> >
>> > Appreciate any help
>> >
>> >
>> >
>> >
>> > On Mar 8, 2018 11:29 PM, "Asif Iqbal" <vadud3(a)gmail.com>
wrote:
>> >
>> >
>> >
>> > On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek <jhrozek(a)redhat.com>
>> wrote:
>> >
>> > > I think the next good step would be to show the LDIF and logs of a
>> > > resolution of a single faulty entry, e.g. 80974 which you used
>> earlier as
>> > > an example of an entry that doesn’t work.
>> > >
>> >
>> > Here are some logs for this account
>> >
>> > dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com
>> > mnetid: 004311
>> >
>> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]]
>> [dp_get_account_info_handler]
>> > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311]
>> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
>> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass=
>> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=People,dc=
>> > mnet,dc=qintra,dc=com].
>> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
>> > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table
>> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]]
>> [dp_get_account_info_handler]
>> > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311]
>> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
>> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass=
>> > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=
>> > People,dc=mnet,dc=qintra,dc=com].
>> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
>> > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table
>> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]]
>> [dp_get_account_info_handler]
>> > (0x0200): Got request for [0x1][BE_REQ_USER][name=4311@ldap]
>> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
>> > (0x0400): calling ldap_search_ext with [(&(uid=4311)(objectclass=
>> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=People,dc=
>> > mnet,dc=qintra,dc=com].
>> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
>> > (0x0400): Removing [0:1:0x0001:1::LDAP:name=4311@ldap] from reply table
>> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]]
>> [dp_get_account_info_handler]
>> > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311]
>> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
>> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass=
>> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=People,dc=
>> > mnet,dc=qintra,dc=com].
>> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
>> > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table
>> > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]]
>> [dp_get_account_info_handler]
>> > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311]
>> > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
>> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass=
>> > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=
>> > People,dc=mnet,dc=qintra,dc=com].
>> > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
>> > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table
>> > (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]]
>> [dp_get_account_info_handler]
>> > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311]
>> > (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
>> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass=
>> > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=
>> > People,dc=mnet,dc=qintra,dc=com].
>> > (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
>> > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table
>> >
>> >
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input
>> ID:
>> > 4311
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_send]
>> (0x0400): CR
>> > #913574: Looking up UID:4311@LDAP
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913574: Checking negative cache for [UID:4311@LDAP]
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913574: [UID:4311@LDAP] is not present in negative cache
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913574: Looking up [UID:4311@LDAP] in cache
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913574: Object [UID:4311@LDAP] was not found in cache
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_dp] (0x0400):
>> CR
>> > #913574: Looking up [UID:4311@LDAP] in data provider
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
>> > Issuing request for [0x5641be284b10:1:4311@LDAP]
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [sss_dp_get_account_msg]
>> (0x0400):
>> > Creating request for [LDAP][0x1][BE_REQ_USER][idnumber=4311:-]
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [sss_dp_internal_get_send]
>> (0x0400):
>> > Entering request [0x5641be284b10:1:4311@LDAP]
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913574: Looking up [UID:4311@LDAP] in cache
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913574: Object [UID:4311@LDAP] was not found in cache
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_global_ncache_add]
>> > (0x0400): CR #913574: Adding [UID:4311@LDAP] to global negative cache
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
>> > Adding [NCE/UID/4311] to negative cache
>> > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
>> > Deleting request: [0x5641be284b10:1:4311@LDAP]
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input
>> ID:
>> > 4311
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [cache_req_search_send]
>> (0x0400): CR
>> > #913598: Looking up GID:4311@LDAP
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913598: Checking negative cache for [GID:4311@LDAP]
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913598: [GID:4311@LDAP] is not present in negative cache
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913598: Looking up [GID:4311@LDAP] in cache
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913598: Object [GID:4311@LDAP] was not found in cache
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [cache_req_search_dp] (0x0400):
>> CR
>> > #913598: Looking up [GID:4311@LDAP] in data provider
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
>> > Issuing request for [0x5641be284b10:2:4311@LDAP]
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [sss_dp_get_account_msg]
>> (0x0400):
>> > Creating request for [LDAP][0x2][BE_REQ_GROUP][idnumber=4311:-]
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [sss_dp_internal_get_send]
>> (0x0400):
>> > Entering request [0x5641be284b10:2:4311@LDAP]
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913598: Looking up [GID:4311@LDAP] in cache
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913598: Object [GID:4311@LDAP] was not found in cache
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [cache_req_global_ncache_add]
>> > (0x0400): CR #913598: Adding [GID:4311@LDAP] to global negative cache
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
>> > Adding [NCE/GID/4311] to negative cache
>> > (Thu Mar 8 22:10:29 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
>> > Deleting request: [0x5641be284b10:2:4311@LDAP]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [nss_getby_name] (0x0400): Input
>> > name: 4311
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_process_input]
>> (0x0400):
>> > CR #913740: Parsing input name [4311]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [sss_parse_name_for_domains]
>> > (0x0200): name '4311' matched without domain, user is 4311
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_set_name] (0x0400): CR
>> > #913740: Setting name [4311]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_send]
>> (0x0400): CR
>> > #913740: Looking up 4311@ldap
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913740: Checking negative cache for [4311@ldap]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913740: [4311@ldap] is not present in negative cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913740: Looking up [4311@ldap] in cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913740: Object [4311@ldap] was not found in cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_dp] (0x0400):
>> CR
>> > #913740: Looking up [4311@ldap] in data provider
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
>> > Issuing request for [0x5641be284b10:1:4311@ldap@LDAP]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [sss_dp_get_account_msg]
>> (0x0400):
>> > Creating request for [LDAP][0x1][BE_REQ_USER][name=4311@ldap:-]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [sss_dp_internal_get_send]
>> (0x0400):
>> > Entering request [0x5641be284b10:1:4311@ldap@LDAP]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913740: Looking up [4311@ldap] in cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913740: Object [4311@ldap] was not found in cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_ncache_add]
>> > (0x0400): CR #913740: Adding [4311@ldap] to negative cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
>> > Adding [NCE/USER/LDAP/4311@ldap] to negative cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
>> > Deleting request: [0x5641be284b10:1:4311@ldap@LDAP]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input
>> ID:
>> > 4311
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_send]
>> (0x0400): CR
>> > #913741: Looking up UID:4311@LDAP
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913741: Checking negative cache for [UID:4311@LDAP]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913741: [UID:4311@LDAP] is not present in negative cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913741: Looking up [UID:4311@LDAP] in cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913741: Object [UID:4311@LDAP] was not found in cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_dp] (0x0400):
>> CR
>> > #913741: Looking up [UID:4311@LDAP] in data provider
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
>> > Issuing request for [0x5641be284b10:1:4311@LDAP]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [sss_dp_get_account_msg]
>> (0x0400):
>> > Creating request for [LDAP][0x1][BE_REQ_USER][idnumber=4311:-]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [sss_dp_internal_get_send]
>> (0x0400):
>> > Entering request [0x5641be284b10:1:4311@LDAP]
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913741: Looking up [UID:4311@LDAP] in cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913741: Object [UID:4311@LDAP] was not found in cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [cache_req_global_ncache_add]
>> > (0x0400): CR #913741: Adding [UID:4311@LDAP] to global negative cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
>> > Adding [NCE/UID/4311] to negative cache
>> > (Thu Mar 8 22:11:14 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
>> > Deleting request: [0x5641be284b10:1:4311@LDAP]
>> > (Thu Mar 8 22:11:15 2018) [sssd[nss]] [nss_getby_name] (0x0400): Input
>> > name: 4311
>> > (Thu Mar 8 22:11:15 2018) [sssd[nss]] [cache_req_process_input]
>> (0x0400):
>> > CR #913742: Parsing input name [4311]
>> > (Thu Mar 8 22:11:15 2018) [sssd[nss]] [sss_parse_name_for_domains]
>> > (0x0200): name '4311' matched without domain, user is 4311
>> > (Thu Mar 8 22:11:15 2018) [sssd[nss]] [cache_req_set_name] (0x0400): CR
>> > #913742: Setting name [4311]
>> > (Thu Mar 8 22:11:15 2018) [sssd[nss]] [cache_req_search_send]
>> (0x0400): CR
>> > #913742: Looking up 4311@ldap
>> > (Thu Mar 8 22:11:15 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913742: Checking negative cache for [4311@ldap]
>> > (Thu Mar 8 22:11:15 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913742: [4311@ldap] does not exist (negative cache)
>> > (Thu Mar 8 22:11:15 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input
>> ID:
>> > 4311
>> > (Thu Mar 8 22:11:15 2018) [sssd[nss]] [cache_req_search_send]
>> (0x0400): CR
>> > #913743: Looking up UID:4311@LDAP
>> > (Thu Mar 8 22:11:15 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913743: Checking negative cache for [UID:4311@LDAP]
>> > (Thu Mar 8 22:11:15 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913743: [UID:4311@LDAP] does not exist (negative cache)
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input
>> ID:
>> > 4311
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [cache_req_search_send]
>> (0x0400): CR
>> > #913764: Looking up GID:4311@LDAP
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913764: Checking negative cache for [GID:4311@LDAP]
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913764: [GID:4311@LDAP] is not present in negative cache
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913764: Looking up [GID:4311@LDAP] in cache
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913764: Object [GID:4311@LDAP] was not found in cache
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [cache_req_search_dp] (0x0400):
>> CR
>> > #913764: Looking up [GID:4311@LDAP] in data provider
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
>> > Issuing request for [0x5641be284b10:2:4311@LDAP]
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [sss_dp_get_account_msg]
>> (0x0400):
>> > Creating request for [LDAP][0x2][BE_REQ_GROUP][idnumber=4311:-]
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [sss_dp_internal_get_send]
>> (0x0400):
>> > Entering request [0x5641be284b10:2:4311@LDAP]
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913764: Looking up [GID:4311@LDAP] in cache
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913764: Object [GID:4311@LDAP] was not found in cache
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [cache_req_global_ncache_add]
>> > (0x0400): CR #913764: Adding [GID:4311@LDAP] to global negative cache
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
>> > Adding [NCE/GID/4311] to negative cache
>> > (Thu Mar 8 22:11:38 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
>> > Deleting request: [0x5641be284b10:2:4311@LDAP]
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input
>> ID:
>> > 4311
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [cache_req_search_send]
>> (0x0400): CR
>> > #913765: Looking up GID:4311@LDAP
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913765: Checking negative cache for [GID:4311@LDAP]
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [cache_req_search_ncache]
>> (0x0400):
>> > CR #913765: [GID:4311@LDAP] is not present in negative cache
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913765: Looking up [GID:4311@LDAP] in cache
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913765: Object [GID:4311@LDAP] was not found in cache
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [cache_req_search_dp] (0x0400):
>> CR
>> > #913765: Looking up [GID:4311@LDAP] in data provider
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
>> > Issuing request for [0x5641be284b10:2:4311@LDAP]
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [sss_dp_get_account_msg]
>> (0x0400):
>> > Creating request for [LDAP][0x2][BE_REQ_GROUP][idnumber=4311:-]
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [sss_dp_internal_get_send]
>> (0x0400):
>> > Entering request [0x5641be284b10:2:4311@LDAP]
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913765: Looking up [GID:4311@LDAP] in cache
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [cache_req_search_cache]
>> (0x0400):
>> > CR #913765: Object [GID:4311@LDAP] was not found in cache
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [cache_req_global_ncache_add]
>> > (0x0400): CR #913765: Adding [GID:4311@LDAP] to global negative cache
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
>> > Adding [NCE/GID/4311] to negative cache
>> > (Thu Mar 8 22:12:00 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
>> > Deleting request: [0x5641be284b10:2:4311@LDAP]
>> >
>> >
>> >
>> >
>> > >
>> > > > On 28 Feb 2018, at 01:30, Asif Iqbal <vadud3(a)gmail.com>
wrote:
>> > > >
>> > > >
>> > > >
>> > > > On Tue, Feb 27, 2018 at 1:12 PM, Asif Iqbal
<vadud3(a)gmail.com>
>> wrote:
>> > > >
>> > > >
>> > > > On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose
<sbose(a)redhat.com>
>> wrote:
>> > > > On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote:
>> > > > > I have 300 out of 3000 users whose /home/<username>
dir shows uid
>> and
>> > > gid
>> > > > > instead of username and groupname.
>> > > > >
>> > > > > It seems to be behaving like a bug
>> > > > >
>> > > > > As soon I become a user with `sudo su - username' the
uid of the
>> home
>> > > dir
>> > > > > changes to username but gid still does not change to
groupname.
>> > > > >
>> > > > > I also get an error message, but still successfully become
that
>> user
>> > > > >
>> > > > > $ ls -ld /home/mbniels
>> > > > > drwx------. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels
>> > > > >
>> > > > > $ su - mbniels
>> > > > > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39
>> > > > > /usr/bin/id: cannot find name for group ID 80974
>> > > > > groups: cannot find name for group ID 80974
>> > > > >
>> > > > > $ ls -ld /home/mbniels
>> > > > > drwx------. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels
>> > > > >
>> > > > > Then to check the groups of username I get another error
which
>> then
>> > > gets
>> > > > > cleared by next command.
>> > > > >
>> > > > > $ groups mbniels
>> > > > > mbniels : groups: cannot find name for group ID 80974
>> > > > > 80974 users
>> > > > >
>> > > > > $ getent group mbniels
>> > > > > mbniels:*:80974
>> > > > >
>> > > > > $ groups mbniels
>> > > > > mbniels : mbniels users
>> > > > >
>> > > > > It also fixes the gid to groupname
>> > > > >
>> > > > > $ ls -ld /home/mbniels/
>> > > > > drwx------. 3 mbniels mbniels 4096 Feb 27 02:15
/home/mbniels/
>> > > > >
>> > > > > I noticed it reverts after may be within half an hour, not
exact
>> sure
>> > > when.
>> > > > > Almost behaves like `quantum entanglement'.
>> > > > > As soon as I try to check by trying to become that user the
issue
>> > > > > disappears.
>> > > > >
>> > > > > This is not just cosmetic issue, when the home dir shows
>> ownership with
>> > > > > uid, instead of username, the user fails some commands.
>> > > > >
>> > > > > We just started noticing today, since we just built this box
and
>> only
>> > > few
>> > > > > months ago and users are being invited to start using this
server
>> > > > >
>> > > > > Some annoying error it is showing like below and user then
fails
>> to ssh
>> > > > >
>> > > > > $ ssh remote
>> > > > > No user exists for uid 80974
>> > > > >
>> > > > > I am using centos 7 and sssd 1.15.2
>> > > > >
>> > > > > $ cat /etc/redhat-release
>> > > > > CentOS Linux release 7.4.1708 (Core)
>> > > > >
>> > > > > $ sssd --version
>> > > > > 1.15.2
>> > > > >
>> > > > > Here are some relevant logs
>> > > > >
https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA
>> > > >
>> > > > It looks like you are not using a plain RFC2307bis LDAP schema.
Can
>> you
>> > > > send you sssd.conf and a typical LDAP user and group object?
>> > > >
>> > > > bye,
>> > > > Sumit
>> > > >
>> > > >
>> > > > Here is an ldap user and I using same info as group (sanitized)
>> > > >
>> > > > dn: uid=mbniels,ou=People,dc=example,dc=com
>> > > > roomNumber: 123456
>> > > > departmentNumber: 3.11.3
>> > > > tier1: Technology
>> > > > joblevel: 6
>> > > > legacycompany: G
>> > > > mobile: +11234567890
>> > > > manager: uid=managerid,ou=People,dc=example,dc=com
>> > > > departmentname: TESTING & INTEG
>> > > > costcenter: S0019751
>> > > > companynumber: S001
>> > > > companyname: EXAMPLE COMPANY
>> > > > displayName: FOO, BAR
>> > > > preferredname: Mark
>> > > > docshareaccess: TRUE
>> > > > sAMAccountName: mbniels
>> > > > l: XX
>> > > > street: 123 example ave
>> > > > saploginid: foobar
>> > > > title: LEAD ARCHITECT
>> > > > postalCode: 123456
>> > > > employeeNumber: 00112233
>> > > > mail: foo.bar(a)example.com
>> > > > objectClass: top
>> > > > objectClass: person
>> > > > objectClass: organizationalPerson
>> > > > objectClass: inetOrgPerson
>> > > > objectClass: mnetPerson
>> > > > mnetid: 080974
>> > > > uid: mbniels
>> > > > givenName: Mark
>> > > > st: XX
>> > > > cn: Foo Bar
>> > > > sn: Bar
>> > > > employeeType: Management
>> > > > initials: X
>> > > > nationnumber: USA
>> > > > nationname: United States
>> > > >
>> > > >
>> > > >
>> > > > I am still looking for some help on this.
>> > > >
>> > > >
>> > > >
>> > > > --
>> > > > Asif Iqbal
>> > > > PGP Key: 0xE62693C5 KeyServer:
pgp.mit.edu
>> > > > A: Because it messes up the order in which people normally read
>> text.
>> > > > Q: Why is top-posting such a bad thing?
>> > > >
>> > > > _______________________________________________
>> > > > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
>> > > > To unsubscribe send an email to sssd-users-leave(a)lists.fedorah
>>
osted.org
>> > > _______________________________________________
>> > > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
>> > > To unsubscribe send an email to sssd-users-leave(a)lists.fedorah
>>
osted.org
>> > >
>> >
>> >
>> >
>> > --
>> > Asif Iqbal
>> > PGP Key: 0xE62693C5 KeyServer:
pgp.mit.edu
>> > A: Because it messes up the order in which people normally read text.
>> > Q: Why is top-posting such a bad thing?
>>
>> > _______________________________________________
>> > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
>> > To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
>> _______________________________________________
>> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
>>
>
>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer:
pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer:
pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org