No, it didn't. I'm getting the same issue with or without enabling
referrals. The only way to keep the sssd daemon up has been, so far, to
disable enumeration (enumerate = false) in the domain config.
---
Christian Tardif
christian.tardif(a)servinfo.ca
-------------------------
On 2015-01-15 03:41, Lukas Slebodnik wrote:
On (13/01/15 08:58), Lukas Slebodnik wrote:
On (13/01/15 03:43), Christian Tardif wrote:

OK, now I can log in. I was using the pam_listfile.so module, but the group required to
allow login did not have the required POSIX gid to be available on the Linux box. Now it
has. So my main problem is the inability to use enumerate=true. Not necessarily a big
deal, but maybe worth verifying why, though.

I looked at the log file one more time and I found that the crash happened just when
enumerating services. It might be caused by the fact that a different LDAP connection
tried to be used for services.

[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://orion.int.servinfo.test:389/??base] with fd [19].
[sdap_get_rootdse_send] (0x4000): Getting rootdse
//snip
[sdap_get_services_next_base] (0x0400): Searching for services with base [dc=servinfo,dc=test]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=ipService)(cn=*)(ipServicePort=*)(ipServiceProtocol=*))
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServicePort]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServiceProtocol]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5
[sdap_process_result] (0x2000): Trace: sh[0x256a080], connected[1], ops[0x256b430], ldap[0x256a190]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://servinfo.test/CN=Configuration,DC=servinfo,DC=test] with fd [21]
//after few lines
[sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
[remove_connection_callback] (0x4000): Successfully removed connection callback.
[server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
^^^^^^^^^^^^^ process was restarted

I can see in the log file that just the 1st LDAP server should be used.

[dp_get_options] (0x0400): Option ldap_uri has value ldap://orion.int.servinfo.test/

I may be wrong, but it may be caused by LDAP referrals. You can try to disable them in
sssd. Put the next line into the domain section of sssd.conf:

ldap_referrals = false

Christian,
did it help to disable referrals?
LS