Hi,
we saw a lot of queries for uidnumber=4294967295 in our ldap backend logs (from sssd), so we did as suggested by
https://access.redhat.com/solutions/2963401
and added max_id=4294967294 in our sssd domain config.
But this seems to be ignored (at least in version 1.15.2-50.el7_4.8.x86_64), as the queries continue to arrive in ldap.
Adding ldap_max_id with the same value resulted in an "numerical out of range" error and sssd refuses to start then (seems to be 16-bit ...).
And of course I read the nfsnobody discussions where the uid=65534 :-)
As a workaround, I added an entry in /etc/passwd for uid 4294967295 so the problem went away, but this still leaves the max_id and ldap_max_id issues that should be working fine ...
Any hints?
Franky
On Wed, Jan 24, 2018 at 03:06:58PM +0100, Franky Van Liedekerke wrote:
Hi,
we saw a lot of queries for uidnumber=4294967295 in our ldap backend logs (from sssd), so we did as suggested by
https://access.redhat.com/solutions/2963401
and added max_id=4294967294 in our sssd domain config.
But this seems to be ignored (at least in version 1.15.2-50.el7_4.8.x86_64), as the queries continue to arrive in ldap.
Adding ldap_max_id with the same value resulted in an "numerical out of range" error and sssd refuses to start then (seems to be 16-bit ...).
And of course I read the nfsnobody discussions where the uid=65534 :-)
As a workaround, I added an entry in /etc/passwd for uid 4294967295 so the problem went away, but this still leaves the max_id and ldap_max_id issues that should be working fine ...
Any hints?
Sounds like https://pagure.io/SSSD/sssd/issue/3569 which was fixed upstream in the upcoming (once we fix known regressions...) release. The fix was also backported to RHEL-7.5 and the next RHEL-7.4.z release..
sssd-users@lists.fedorahosted.org
-
Franky Van Liedekerke -
Jakub Hrozek