Hi,
I succeed in listing my users retrieved from the ldap server --> "getent passwd" works
I'm failing in listing my groups --> "getent groups" remains stuck after having listed my /etc/group groups.
My /etc/nsswitch.conf file:
passwd: files sss
group: files sss
#initgroups: files sss

In /var/log/sssd/sssd_my_ldap.log I see my groups seen and saved:
[cut]
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_groups] (0x4000): Group 116 processed!
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_group] (0x2000): This is a posix group
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN [cn=pdbaraf,ou=groups,dc=dont,dc=mind.it] to attributes of [pdbaraf].
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp [20110130203138Z] to attributes of [pdbaraf].
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_group] (0x1000): Original USN value is not available for [pdbaraf].
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_group] (0x0400): Storing info for group pdbaraf
[cut]
If I try to list a specific group, I succeed in:
[root@fedora16 sssd]# getent group pdbaraf
pdbaraf:*:10107:pdbaraf,pusrrafw
With strace I can see this:
[cut]
connect(4, {sa_family=AF_FILE, path="/var/lib/sss/pipes/nss"}, 110) = 0
fstat(4, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
poll([{fd=4, events=POLLOUT}], 1, 300000) = 1 ([{fd=4, revents=POLLOUT}])
write(4, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
poll([{fd=4, events=POLLOUT}], 1, 300000) = 1 ([{fd=4, revents=POLLOUT}])
write(4, "\1\0\0\0", 4) = 4
poll([{fd=4, events=POLLIN}], 1, 300000) = 1 ([{fd=4, revents=POLLIN}])
read(4, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
poll([{fd=4, events=POLLIN}], 1, 300000) = 1 ([{fd=4, revents=POLLIN}])
read(4, "\1\0\0\0", 4) = 4
poll([{fd=4, events=POLLOUT}], 1, 300000) = 1 ([{fd=4, revents=POLLOUT}])
write(4, "\20\0\0\0#\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
poll([{fd=4, events=POLLIN}], 1, 300000^C <unfinished ...>
Obviously I have my [domain/ldap] section populated with enumerate=true
Any help?
Thanks a lot as usual
Marco
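The strace output in the message above can be decoded to see which request the client is blocked on. The following is an added example, not part of the original messages or of SSSD's code: it assumes the 16-byte request header (length, command, status, reserved as four 32-bit integers) and the command codes from SSSD's sss_client/sss_cli.h, and a little-endian host.

```python
import struct

# Subset of the command codes in SSSD's sss_client/sss_cli.h.
SSS_COMMANDS = {0x0001: "SSS_GET_VERSION", 0x0013: "SSS_NSS_SETPWENT",
                0x0014: "SSS_NSS_GETPWENT", 0x0021: "SSS_NSS_GETGRNAM",
                0x0023: "SSS_NSS_SETGRENT", 0x0024: "SSS_NSS_GETGRENT"}
C_ESCAPES = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12, '"': 34, "\\": 92}
HEADER = struct.Struct("<IIII")  # len, cmd, status, reserved (assumed layout)

def unescape_strace(text):
    """Convert the body of a strace string literal into raw bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] != "\\":
            out.append(ord(text[i])); i += 1
            continue
        i += 1
        if text[i] in "01234567":          # octal escape, 1 to 3 digits
            j = i
            while j < len(text) and j - i < 3 and text[j] in "01234567":
                j += 1
            out.append(int(text[i:j], 8) & 0xFF); i = j
        elif text[i] == "x":               # hex escape (strace -x)
            out.append(int(text[i + 1:i + 3], 16)); i += 3
        else:
            out.append(C_ESCAPES[text[i]]); i += 1
    return bytes(out)

def parse_stream(data):
    """Split one direction of the socket stream into (command, status, body)."""
    msgs, off = [], 0
    while off + HEADER.size <= len(data):
        length, cmd, status, _ = HEADER.unpack_from(data, off)
        if length < HEADER.size:
            break                          # malformed header, stop parsing
        body = data[off + HEADER.size:off + length]
        msgs.append((SSS_COMMANDS.get(cmd, hex(cmd)), status, body))
        off += length
    return msgs

def unanswered(trace):
    """Return the commands written to the responder that never got a reply."""
    join = lambda op: b"".join(unescape_strace(p) for o, p in trace if o == op)
    sent, received = parse_stream(join("write")), parse_stream(join("read"))
    return [name for name, _, _ in sent[len(received):]]

# Payloads copied from the strace output in the message above.
TRACE = [("write", r"\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0"), ("write", r"\1\0\0\0"),
         ("read", r"\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0"), ("read", r"\1\0\0\0"),
         ("write", r"\20\0\0\0#\0\0\0\0\0\0\0\0\0\0\0")]

if __name__ == "__main__":
    print(unanswered(TRACE))
```

On this trace the version handshake completes and the only request left without a reply is the group enumeration start, which is where the final poll() was interrupted.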
On Wed, Feb 08, 2012 at 10:20:01AM +0100, Marco Pizzoli wrote:
> Hi,
> I succeed in listing my users retrieved from the ldap server --> "getent passwd" works
> I'm failing in listing my groups --> "getent groups" remains stuck after having listed my /etc/group groups.
>
> My /etc/nsswitch.conf file:
> passwd: files sss
> group: files sss
> #initgroups: files sss
>
> In /var/log/sssd/sssd_my_ldap.log I see my groups seen and saved:
> [cut]
> (Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_groups] (0x4000): Group 116 processed!
> (Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_group] (0x2000): This is a posix group
> (Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN [cn=pdbaraf,ou=groups,dc=dont,dc=mind.it] to attributes of [pdbaraf].
> (Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp [20110130203138Z] to attributes of [pdbaraf].
> (Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_group] (0x1000): Original USN value is not available for [pdbaraf].
> (Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_group] (0x0400): Storing info for group pdbaraf
> [cut]
>
> If I try to list a specific group, I succeed in:
> [root@fedora16 sssd]# getent group pdbaraf
> pdbaraf:*:10107:pdbaraf,pusrrafw
>
> With strace I can see this:
> [cut]
> connect(4, {sa_family=AF_FILE, path="/var/lib/sss/pipes/nss"}, 110) = 0
> fstat(4, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
> poll([{fd=4, events=POLLOUT}], 1, 300000) = 1 ([{fd=4, revents=POLLOUT}])
> write(4, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=4, events=POLLOUT}], 1, 300000) = 1 ([{fd=4, revents=POLLOUT}])
> write(4, "\1\0\0\0", 4) = 4
> poll([{fd=4, events=POLLIN}], 1, 300000) = 1 ([{fd=4, revents=POLLIN}])
> read(4, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=4, events=POLLIN}], 1, 300000) = 1 ([{fd=4, revents=POLLIN}])
> read(4, "\1\0\0\0", 4) = 4
> poll([{fd=4, events=POLLOUT}], 1, 300000) = 1 ([{fd=4, revents=POLLOUT}])
> write(4, "\20\0\0\0#\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
> poll([{fd=4, events=POLLIN}], 1, 300000^C <unfinished ...>
>
> Obviously I have my [domain/ldap] section populated with enumerate=true
>
> Any help?
>
> Thanks a lot as usual
> Marco
It seems we have broken enumeration... at least on master, I haven't tested 1.7 yet.
I filed https://fedorahosted.org/sssd/ticket/1182 and I'm looking into fixing it.
Thank you very much for testing, Marco!
sssd-devel@lists.fedorahosted.org