Hi
I am trying to configure SSSD in all the datanodes and namenodes on a HDP cluster. Following is my config.
The local group id and LDAP group id created by SSSD are conflicting because of which certain functionalities are not working as desired.
I have configured it as follows, and I am getting the error given below the config:
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
reconnection_retries = 3
debug_level = 4

[nss]
filter_users = root,centos,ec2-user
filter_groups = root
reconnection_retries = 3
debug_level = 4

[pam]
reconnection_retries = 3

[domain/LDAP1]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = <uri>
ldap_default_bind_dn = cn=admin,dc=gtm,dc=juniper,dc=net
ldap_default_authtok = <pwd>
ldap_default_authtok_type = password
ldap_search_base = dc=gtm,dc=juniper,dc=net
ldap_user_search_base = ou=users,dc=gtm,dc=juniper,dc=net
ldap_group_search_base = ou=groups,dc=gtm,dc=juniper,dc=net
ldap_user_object_class = posixAccount
ldap_user_gecos = cn
ldap_tls_reqcert = hard
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
ldap_id_use_start_tls = false
debug_level = 7
override_shell = /bin/bash
cache_credentials = true
min_id = 5000
max_id = 25000
enumerate = false
*Error*
(Tue Aug 29 14:24:12 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0040): User [ambari-qa] filtered out! (uid out of range)
(Tue Aug 29 14:24:12 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): Failed to save user [ambari-qa]
Is there a way to overcome this error? Any way to have the uid in range?
Any help is greatly appreciated.
Regards Mukund
On 29 Aug 2017, at 16:27, Mukund mukundaraman.v@agilisium.com wrote:
> Hi
> I am trying to configure SSSD in all the datanodes and namenodes on a HDP cluster. Following is my config.
> The local group id and LDAP group id created by SSSD are conflicting because of which certain functionalities are not working as desired.
> I have configured it as follows, and I am getting the error given below the config:
>
> [sssd]
> config_file_version = 2
> services = nss, pam
> domains = LDAP
> reconnection_retries = 3
> debug_level = 4
>
> [nss]
> filter_users = root,centos,ec2-user
> filter_groups = root
> reconnection_retries = 3
> debug_level = 4
>
> [pam]
> reconnection_retries = 3
>
> [domain/LDAP1]
> id_provider = ldap
> auth_provider = ldap
> ldap_schema = rfc2307
> ldap_uri = <uri>
> ldap_default_bind_dn = cn=admin,dc=gtm,dc=juniper,dc=net
> ldap_default_authtok = <pwd>
> ldap_default_authtok_type = password
> ldap_search_base = dc=gtm,dc=juniper,dc=net
> ldap_user_search_base = ou=users,dc=gtm,dc=juniper,dc=net
> ldap_group_search_base = ou=groups,dc=gtm,dc=juniper,dc=net
> ldap_user_object_class = posixAccount
> ldap_user_gecos = cn
> ldap_tls_reqcert = hard
> ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
> ldap_id_use_start_tls = false
> debug_level = 7
> override_shell = /bin/bash
> cache_credentials = true
> min_id = 5000
> max_id = 25000

Well, these two parameters specify the valid range for the IDs coming from the remote source. Can you check the uidNumber and gidNumber of ambari-qa and whether it is within this range?

> enumerate = false
>
> Error
> (Tue Aug 29 14:24:12 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0040): User [ambari-qa] filtered out! (uid out of range)
> (Tue Aug 29 14:24:12 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): Failed to save user [ambari-qa]
>
> Is there a way to overcome this error? Any way to have the uid in range?
> Any help is greatly appreciated.
> Regards Mukund
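
One way to run the check suggested in the reply over several accounts at once, as an added example that is not part of the original thread: it applies the min_id/max_id rule (an entry is ignored when its UID or primary GID falls outside the range; max_id = 0 means no upper limit) and also flags UIDs already taken by a local account. The directory entries, the passwd line and all their numbers are constructed sample data, and the function names are hypothetical.

```python
import configparser

# Constructed sample input (not from the thread): the range from the posted
# config, made-up directory entries and a made-up local /etc/passwd line.
SSSD_CONF = """
[domain/LDAP]
min_id = 5000
max_id = 25000
"""
LDAP_ENTRIES = [  # (uid, uidNumber, gidNumber)
    ("ambari-qa", 1001, 1001),
    ("alice", 6001, 6001),
    ("bob", 6002, 100),
    ("carol", 6003, 6003),
]
LOCAL_PASSWD = "hdfs:x:6001:6001::/home/hdfs:/bin/bash\n"


def id_range(conf_text, domain):
    """Return (min_id, max_id); SSSD defaults are 1 and 0 (no upper limit)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp[f"domain/{domain}"]
    return sec.getint("min_id", fallback=1), sec.getint("max_id", fallback=0)


def in_range(value, lo, hi):
    return value >= lo and (hi == 0 or value <= hi)


def audit(entries, lo, hi, passwd_text):
    """Map each name to 'ok', 'filtered' (uid or primary gid out of range)
    or 'collision' (in range, but the uidNumber belongs to a local account)."""
    local = {}
    for line in passwd_text.splitlines():
        if line and not line.startswith("#"):
            fields = line.split(":")
            local[int(fields[2])] = fields[0]
    result = {}
    for name, uid, gid in entries:
        if not (in_range(uid, lo, hi) and in_range(gid, lo, hi)):
            result[name] = "filtered"
        elif local.get(uid, name) != name:
            result[name] = "collision"
        else:
            result[name] = "ok"
    return result


if __name__ == "__main__":
    lo, hi = id_range(SSSD_CONF, "LDAP")
    for name, verdict in audit(LDAP_ENTRIES, lo, hi, LOCAL_PASSWD).items():
        print(f"{name}: {verdict}")
```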