Hi,

I'm working on setting up an LDAP proxy (with OpenLDAP) to Active Directory, and testing the proxy with SSSD gives me strange results I don't understand. When someone tries to connect to a Linux box on which SSSD is looking after the LDAP proxy, it fails because of a bad filter thing (which is OK, as you'll see in the logs). The logs from SSSD show:

(Thu Jul 16 14:51:00 2015) [sssd[be[DOMAIN]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=christian.tardif1)(objectclass=user)(uid=*)((null)=*))][ou=users,ou=outhing,dc=domain,dc=int].
(Thu Jul 16 14:51:00 2015) [sssd[be[LABNHS]]] [sdap_get_generic_ext_step] (0x0080): ldap_search_ext failed: Bad search filter

 

Look at that (null)=* thing. Where does that come from? My sssd.conf looks like:

[domain/DOMAIN]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = simple
ldap_uri = ldap://172.22.211.114/
ldap_search_base = ou=outhing,dc=domain,dc=int
#ldap_default_bind_dn = cn=ldap binduser,ou=others,ou=users,ou=outhing,dc=domain,dc=int
#ldap_default_authtok = B1ndPassw0rd!
ldap_default_bind_dn = cn=Manager,dc=domain,dc=int
ldaP_default_authtok = *********
ldap_default_authtok_type = password
ldap_user_name = uid
ldap_user_object_class = user
ldap_user_search_base = ou=users,ou=outhing,dc=domain,dc=int
ldap_user_extra_attrs = mail
ldap_group_object_class = group
ldap_group_search_base = ou=groups,ou=outhing,dc=domain,dc=int
ldap_id_mapping = true
ldap_schema = rfc2307bis
ldap_tls_reqcert = never
ldap_id_use_start_tls = false
ldap_network_timeout = 6
override_gid = 100
enumerate = true
cache_credentials = true
cache_sensitive = false
entry_cache_timeout = 300
debug_level = 6

[sssd]
services = nss, pam
config_file_version = 2
domains = DOMAIN

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
override_homedir = /home/%u
default_shell = /bin/bash

[pam]

[sudo]

[autofs]

[ssh]

 
Is something wrong in my config to create this (null)=* thing?
--

Christian Tardif