Hi,
I succeed in listing my users retrieved from the ldap server --> "getent passwd" works
I'm failing in listing my groups --> "getent groups" remain stuck after have listed my /etc/group groups.
My /etc/nsswitch.conf file:
passwd: files sss
group: files sss
#initgroups: files sss
In /var/log/sssd/sssd_my_ldap.log I see my groups seen and saved:
[cut]
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_groups] (0x4000): Group 116 processed!
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_group] (0x2000): This is a posix group
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN [cn=pdbaraf,ou=groups,dc=dont,dc=mind.it] to attributes of [pdbaraf].
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp [20110130203138Z] to attributes of [pdbaraf].
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_group] (0x1000): Original USN value is not available for [pdbaraf].
(Wed Feb 8 10:09:40 2012) [sssd[be[my_ldap]]] [sdap_save_group] (0x0400): Storing info for group pdbaraf
[cut]
If I try to list a specific group, I succeed in:
[root@fedora16 sssd]# getent group pdbaraf
pdbaraf:*:10107:pdbaraf,pusrrafw
With strace I can see this:
[cut]
connect(4, {sa_family=AF_FILE, path="/var/lib/sss/pipes/nss"}, 110) = 0
fstat(4, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
poll([{fd=4, events=POLLOUT}], 1, 300000) = 1 ([{fd=4, revents=POLLOUT}])
write(4, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
poll([{fd=4, events=POLLOUT}], 1, 300000) = 1 ([{fd=4, revents=POLLOUT}])
write(4, "\1\0\0\0", 4) = 4
poll([{fd=4, events=POLLIN}], 1, 300000) = 1 ([{fd=4, revents=POLLIN}])
read(4, "\24\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
poll([{fd=4, events=POLLIN}], 1, 300000) = 1 ([{fd=4, revents=POLLIN}])
read(4, "\1\0\0\0", 4) = 4
poll([{fd=4, events=POLLOUT}], 1, 300000) = 1 ([{fd=4, revents=POLLOUT}])
write(4, "\20\0\0\0#\0\0\0\0\0\0\0\0\0\0\0", 16) = 16
poll([{fd=4, events=POLLIN}], 1, 300000^C <unfinished ...>
Obviously I have my [domain/ldap] section populated with
enumerate=true
Any help?
Thanks a lot as usual
Marco
--
_________________________________________
Non č forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison