On 29 Aug 2017, at 16:27, Mukund <mukundaraman.v(a)agilisium.com> wrote:
Hi
I am trying to configure SSSD in all the datanodes and namenodes on a HDP cluster.
Following is my config.
The local group id and LDAP group id created by SSSD are conflicting because of which
certain functionalities are not working as desired.
I have configured it as follows and am getting the error given below the config:
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
reconnection_retries = 3
debug_level = 4
[nss]
filter_users = root,centos,ec2-user
filter_groups = root
reconnection_retries = 3
debug_level = 4
[pam]
reconnection_retries = 3
[domain/LDAP1]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = <uri>
ldap_default_bind_dn = cn=admin,dc=gtm,dc=juniper,dc=net
ldap_default_authtok = <pwd>
ldap_default_authtok_type = password
ldap_search_base = dc=gtm,dc=juniper,dc=net
ldap_user_search_base = ou=users,dc=gtm,dc=juniper,dc=net
ldap_group_search_base = ou=groups,dc=gtm,dc=juniper,dc=net
ldap_user_object_class = posixAccount
ldap_user_gecos = cn
ldap_tls_reqcert = hard
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
ldap_id_use_start_tls = false
debug_level = 7
override_shell = /bin/bash
cache_credentials = true
min_id = 5000
max_id = 25000

Well, these two parameters specify the valid range for the IDs coming from the remote
source. Can you check the uidNumber and gidNumber of ambari-qa and whether they are within
this range?

enumerate = false
Error
(Tue Aug 29 14:24:12 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0040): User [ambari-qa]
filtered out! (uid out of range)
(Tue Aug 29 14:24:12 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): Failed to save
user [ambari-qa]
Is there a way to overcome this error? Any way to have the uid in range?
Any help is greatly appreciated.
Regards
Mukund
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
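
The range check suggested in the reply above, as an added example that is not part of the original thread: it reads min_id/max_id from an sssd.conf-style domain section and reports which entries fall outside them. The domain name LDAP, the sample entries and all uidNumber/gidNumber values are constructed for illustration; the thread does not state ambari-qa's real IDs.

```python
import configparser

# Constructed sample: the ID limits from the posted config, trimmed to what the check needs.
SSSD_CONF = """
[sssd]
domains = LDAP

[domain/LDAP]
id_provider = ldap
min_id = 5000
max_id = 25000
"""

# Constructed directory entries; the numeric IDs are invented, not taken from the thread.
ENTRIES = [
    {"uid": "ambari-qa", "uidNumber": 1001, "gidNumber": 1001},
    {"uid": "alice", "uidNumber": 5100, "gidNumber": 5100},
    {"uid": "bob", "uidNumber": 6000, "gidNumber": 100},
]

def id_limits(conf_text, domain):
    """Return (min_id, max_id); sssd.conf defaults are 1 and 0 (0 = no upper limit)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    sec = cp[f"domain/{domain}"]
    return sec.getint("min_id", fallback=1), sec.getint("max_id", fallback=0)

def in_range(value, min_id, max_id):
    """True when value lies inside the configured limits."""
    return value >= min_id and (max_id == 0 or value <= max_id)

def filtered_users(entries, min_id, max_id):
    """Map each user outside the limits to the attribute(s) that are out of range.

    A user is dropped when either the UID or the primary GID is outside the range.
    """
    out = {}
    for e in entries:
        bad = [a for a in ("uidNumber", "gidNumber")
               if not in_range(e[a], min_id, max_id)]
        if bad:
            out[e["uid"]] = bad
    return out

if __name__ == "__main__":
    lo, hi = id_limits(SSSD_CONF, "LDAP")
    for user, attrs in filtered_users(ENTRIES, lo, hi).items():
        print(f"{user}: outside {lo}-{hi}: {', '.join(attrs)}")
```

In practice the entries would come from the directory (for example the uidNumber and gidNumber attributes returned for ou=users) rather than from an inline list.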