> On Thu, Aug 13, 2015 at 04:32:12PM +0000, Longina Przybyszewska
wrote:
> > Hi,
> > I have an issue with SSSD-1.12.5 with resolving group membership.
> > Only Posix primary group is displayed for users accounts.
> >
> > Group is visible on the system but not displayed from 'id' or
'groups'
> commands.
> >
> > getent group 30000005
> > data-adm-lnx-nfs0a-rw-id-00001:*:30000005:
> >
> > getent group data-adm-lnx-nfs0a-rw-id-00001
> > data-adm-lnx-nfs0a-rw-id-00001:*:30000005:
> >
> > id user1
> > uid=xxxxxxx(user1) gid=30000000(lnx-primary)
> > groups=30000000(lnx-primary)
> >
> > Group object has Posix gid and is setup as universal group in realm
>
A.C.DOM.ORG:
> > ...
> > gidNumber = 30000005
> > memberUid: user1, user2
> > ....
> > I have AD as id_,access_auth_provider.
> > Users have got Posix attributes in AD.
> > Computer and group objects are from the same realm:
A.C.DOM.ORG.
> > User objects are in all realms:
N.C.DOM.ORG,
A.C.DOM.ORG,
C.DOM.ORG
> >
> >
> > With my setup I can achieve:
> > - login with short names across realm
> > - access kerberized nfs homedir
> >
> > Is there a way to resolve correctly group's membership with this setup??
>
> It's not really possible to answer without logs, but if you're looking
> for cross- domain memberships, then you need to use only one [domain]
> section in sssd.conf and let the id_provider=ad (or rather
> subdomain_provider=ad, but its value is inherited from id_provider, no
> need to set it explicitly) discover the subdomains.
>
> What might also be problematic is using POSIX IDs -- because only the
> Global Catalog can be used to resolve cross-domain memberships at the
> moment and POSIX attributes are not normally present in GC, then maybe
> the safest way would be to modify the AD schema to replicate the
attributes to GC.
I mean we now have replica of Posix attributer in GC;
In my setup, each domain make search only in own domain scope with the option
"ad_subdomain = none"
If all groups are in
a.c.dom.org domain - can I somehow modify that domain's setup to
be able to get the
right membership for users from other domains, incl. a.c.dom.org?
Ldap search on GC port in
n.c.dom.org domain:
ldapsearch -H ldap://ldap.n.c.dom.org:3268 -Y GSSAPI -b
"dc=n,dc=c,dc=dom,dc=org"
"(&(objectClass=user)(sAMAccountName=user1))" | grep memberOf
SASL/GSSAPI authentication started
....
memberOf: CN=FNC-DATA-ADM-LNX-NFS0A-RW-ID-00001,OU=ADM-LNX-NFS0A,OU=DATA,OU=FN
memberOf: CN=DATA-ADM-LNX-NFS0A-RO-ID-00001,OU=ADM-LNX-NFS0A,OU=DATA,OU=ADGrou
memberOf: CN=DATA-ADM-LNX-NFS0A-RW-ID-00001,OU=ADM-LNX-NFS0A,OU=DATA,OU=ADGrou
.....
.....
......
getent group DATA-ADM-LNX-NFS0A-RO-ID-00001
data-adm-lnx-nfs0a-ro-id-00001:*:30000004:
getent group DATA-ADM-LNX-NFS0A-RW-ID-00001
data-adm-lnx-nfs0a-ro-id-00001:*:30000004:
-----------
The group seen from GC:
..............
ldapsearch -H ldap://a-vdc0a.a.c.dom.org:3268 -Y GSSAPI -b
"dc=a,dc=c,dc=dom,dc=org"
"(&(objectClass=group)(gidNumber=30000005))"
SASL/GSSAPI authentication started
...
...
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=a,dc=c,dc=dom,dc=org> with scope subtree
# filter: (&(objectClass=group)(gidNumber=30000005))
# requesting: ALL
#
# DATA-A-LNX-NFS0A-RW-ID-00001, A-LNX-NFS0A, DATA, ADGroups,
a.c.dom.org
dn:
CN=DATA-A-LNX-NFS0A-RW-ID-00001,OU=A-LNX-NFS0A,OU=DATA,OU=ADGroups,DC=a,DC=c,DC=dom,DC=org
objectClass: top
objectClass: group
cn: DATA-A-LNX-NFS0A-RW-ID-00001
member:
CN=FNC-DATA-A-LNX-NFS0A-RW-ID-00001,OU=A-LNX-NFS0A,OU=DATA,OU=FNC,OU=ADGroups,dc=a,dc=c,dc=dom,dc=org
member: CN=XXXXX XXXXX,OU=XXXXX,OU=XXXXXXXXXX,OU= ADUsers,DC=n,DC=c,DC=dom,DC=org
member: CN=YYYYY YYYYY,OU=XXXXX,OU=XXXXXX,OU=ADUsers,DC=n,DC=c,DC=dom,DC=org
distinguishedName: CN=DATA-A-LNX-NFS0A-RW-ID-00001,OU=A-LNX-NFS0A,OU=DATA,
OU=ADGroups,dc=a,dc=c,dc=dom,dc=org
instanceType: 4
whenCreated: 20150811100655.0Z
whenChanged: 20150813135045.0Z
uSNCreated: 167268752
uSNChanged: 168271198
name: DATA-A-LNX-NFS0A-RW-ID-00001
objectGUID:: 5GNu3mYQr0SWNup7ZsosAw==
objectSid:: AQUAAAAAAAUVAAAAk+NiSPRQunSCi6YocowBAA==
sAMAccountName: DATA-A-LNX-NFS0A-RW-ID-00001
sAMAccountType: 268435456
groupType: -2147483640
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=c,DC=dom,DC=dk
dSCorePropagationData: 16010101000000.0Z
gidNumber: 30000005
memberUid: user1
memberUid: user2
# search result
search: 4
result: 0 Success
# numResponses: 2
# numEntries: 1
...............
Log files:
/var/log/sssd/sssd-n.c.dom.org.log
--------
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sbus_handler_got_caller_id] (0x4000):
Received SBUS method [getAccountInfo]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [be_get_account_info] (0x0200): Got
request for [0x1001][1][name=user1]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [be_req_set_domain] (0x0400): Changing
request domain from [
n.c.dom.org] to [
n.c.dom.org]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_id_op_connect_step] (0x4000):
reusing cached connection
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_search_user_next_base] (0x0400):
Searching for users with base [dc=n,DC=c,DC=dom,DC=org]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_print_server] (0x2000): Searching
10.144.5.19
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(sAMAccountName=user1)(objectclass=user)(sAMAccountName=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=n,DC=c,DC=dom,DC=org].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sAMAccountName]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [unixUserPassword]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [uidNumber]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gecos]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [unixHomeDirectory]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [loginShell]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userPrincipalName]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [name]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectGUID]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectSID]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [primaryGroupID]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [whenChanged]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [uSNChanged]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [accountExpires]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userAccountControl]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 12
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_result] (0x2000): Trace:
sh[0x1696500], connected[1], ops[0x16b0e90], ldap[0x16b7170]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_message] (0x4000):
Message type: [LDAP_RES_SEARCH_ENTRY]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_parse_entry] (0x1000):
OriginalDN: [CN=XXXX
XXXXXX,OU=XXXXXX,OU=XXXXXXXXXXXX,OU=ADUsers,dc=n,DC=c,DC=dom,DC=org].
....
....
Adding originalDN [CN=XXXX
XXXXXX,OU=XXXXXX,OU=XXXXXXXXXXXX,OU=ADUsers,dc=n,DC=c,DC=dom,DC=org] to attributes of
[user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_save_user] (0x0400): Adding
original memberOf attributes to [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding original mod-Timestamp [20150817002218.0Z] to attributes of [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_save_user] (0x0400): Adding user
principal [user1(a)DOM.ORG] to attributes of [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowLastChange is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowMin is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowMax is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowWarning is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowInactive is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowExpire is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowFlag is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
krbLastPwdChange is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
krbPasswordExpiration is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
pwdAttribute is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
authorizedService is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding adAccountExpires [131039352000000000] to attributes of [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding adUserAccountControl [512] to attributes of [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
nsAccountLock is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
authorizedHost is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
ndsLoginDisabled is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
ndsLoginExpirationTime is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
ndsLoginAllowedTimeMap is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
sshPublicKey is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_attrs_add_ldap_attr] (0x2000):
authType is not available for [user1].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sysdb_attrs_get_aliases] (0x2000):
Domain is case-insensitive; will add lowercased aliases
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_save_user] (0x0400): Storing info
for user user1
.....
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_initgr_user] (0x4000):
Process user's groups
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_id_op_connect_step] (0x4000):
reusing cached connection
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_print_server] (0x2000): Searching
10.144.5.19
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [no filter][CN=XXXX
XXXXXX,OU=XXXXXX,OU=XXXXXXXXXXXX,OU=ADUsers,dc=n,DC=c,DC=dom,DC=org].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [tokenGroups]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 15
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_result] (0x2000): Trace:
sh[0x16be410], connected[1], ops[(nil)], ldap[0x16a0460]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_result] (0x2000): Trace:
sh[0x1696500], connected[1], ops[0x16a9110], ldap[0x16b7170]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_message] (0x4000):
Message type: [LDAP_RES_SEARCH_ENTRY]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_parse_entry] (0x1000):
OriginalDN: [CN=XXXX
XXXXXX,OU=XXXXXX,OU=XXXXXXXXXXXX,OU=ADUsers,dc=n,DC=c,DC=dom,DC=org].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_parse_range] (0x2000): No
sub-attributes for [tokenGroups]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_result] (0x2000): Trace:
sh[0x1696500], connected[1], ops[0x16a9110], ldap[0x16b7170]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_message] (0x4000):
Message type: [LDAP_RES_SEARCH_RESULT]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_op_finished]
(0x0400): Search result: Success(0), no errmsg set
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_ad_tokengroups_get_posix_members]
(0x1000): Processing membership SID [S-1-5-32-545]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_ad_tokengroups_get_posix_members]
(0x0080): Domain not found for SID S-1-5-32-545
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_ad_tokengroups_get_posix_members]
(0x1000): Processing membership SID [S-1-5-21-436374069-861567501-682003330-11221]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_ad_tokengroups_get_posix_members]
(0x1000): Processing membership SID [S-1-5-21-1214440339-1958367476-682003330-45162]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_ad_tokengroups_get_posix_members]
(0x0080): Domain not found for SID S-1-5-21-1214440339-1958367476-682003330-45162
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_ad_tokengroups_get_posix_members]
(0x1000): Processing membership SID [S-1-5-21-1214440339-1958367476-682003330-73996]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_ad_tokengroups_get_posix_members]
(0x0080): Domain not found for SID S-1-5-21-1214440339-1958367476-682003330-73996
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_ad_tokengroups_get_posix_members]
(0x1000): Processing membership SID [S-1-5-21-1214440339-1958367476-682003330-30281]
...
ssd[be[n.c.dom.org]]] [sdap_ad_tokengroups_update_members] (0x1000): Updating memberships
for [user1]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [ldb] (0x4000): start ldb transaction
(nesting: 0)
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [ldb] (0x4000): commit ldb transaction
(nesting: 0)
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_id_op_destroy] (0x4000):
releasing operation connection
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_initgr_done] (0x4000):
Initgroups done
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_id_op_connect_step] (0x4000):
reusing cached connection
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_id_op_connect_step] (0x4000):
reusing cached connection
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_groups_next_base] (0x0400):
Searching for groups with base [dc=n,DC=c,DC=dom,DC=org]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_print_server] (0x2000): Searching
10.144.5.19
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(gidNumber=30000000)(objectClass=group)(name=*)(&(gidNumber=*)(!(gidNumber=0))))][dc=n,DC=c,DC=dom,DC=org].
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [name]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [member]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectGUID]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectSID]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [whenChanged]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [uSNChanged]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [groupType]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 16
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_result] (0x2000): Trace:
sh[0x1696500], connected[1], ops[0x16b5ba0], ldap[0x16b7170]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_result] (0x2000): Trace:
sh[0x1696500], connected[1], ops[0x16b5ba0], ldap[0x16b7170]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_process_message] (0x4000):
Message type: [LDAP_RES_SEARCH_RESULT]
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_generic_op_finished]
(0x0400): Search result: Success(0), no errmsg set
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_get_groups_process] (0x0400):
Search for groups, returned 0 results.
(Mon Aug 17 14:15:42 2015) [sssd[be[n.c.dom.org]]] [sdap_id_op_destroy] (0x4000):
releasing operation connection
---------------
Longina