On Thu, Nov 08, 2012 at 06:17:40PM +0100, Ondrej Valousek wrote:
> Ok, I gave it a try (with an AD provider) and here are the bugs I
> have found so far:
>
> 0. My configuration:
> id_provider = ad
> auth_provider = ad
> chpass_provider = ad
> cache_credentials = True
> ldap_id_mapping = False
> # ldap_sasl_authid = LOGINA$@DUBLIN.AD.S3GROUP.COM
>
> 1. Upgrade db database from the 1.8 versions (aka RHEL 6U3) does not
> work. SSSD won't start (dies silently). I had to rm
> /var/lib/sss/db/* to make it work.

This is pretty bad. Do you still have the old database somewhere or
the possibility of generating it again with old packages? We haven't
seen this bug so far in our testing, but apparently it's out there..

> 2. sssd won't work when I specify correct ldap_sasl_authid (see
> example above). This is bad as I might have my krb5.keytab cluttered
> with other (possibly not working) keys so I would like to keep the
> possibility of specifying the ldap_sasl_authid manually.

So this is authid that was working with the plain ldap provider but
doesn't work with ad provider? Can you share logs?
Have you tried if using this authid works even with 1.9 with the ldap

> 3. This is a show stopper for me. I can not disable ID mapping as the
> example above does not work for me:
> Only users and groups w/ RFC2307 attributes are seen, NO id mapping is performed.
> Users and groups who have defined RFC2307 attributes are displayed
> fine (RFC2307 attributes honored), but also users & groups with no
> RFC2307 attributes are displayed (RFC2307 attributes computed by

I suspect that this issue might be fixed in the latest builds. I was
planning to upgrade this preview repo to 1.9.3 when it becomes ready,
but it wouldn't be too hard to include the fixes we have so far so you

Thank you very much for testing.