September 2023 - sssd-users - Fedora Mailing-Lists

krb5-pkinit - is there any configuration to it?

by Francis Augusto Medeiros-Logeay

Hi, Ok, I don't know where to start, but let's see if I can explain this. We use a product that uses certificates (a la smart cards) to log in RHEL 8/9 on behalf of users. Sumit has helped me in June but we didn't finish debugging this. The bottom of the issue is that, when krb5-pkinit is present on the system, the certificates do not work. When it isn't, it works. On RHEL 8, for example, it works right away, after I configure sssd.conf and install the CA certificates. But Sumit asked me if krb5-pkinit was installed, and it wasn't. When I install it, it breaks the whole thing. On RHEL 9, krb5-pkinit comes pre-installed. So the certificate-based authentication doesn't work. I then remove the package. It then starts to work. Is there something I'm missing here? Should I somehow configure krb5-pkinit in a way that I can get my certificate/smartcard authentication to work with krb5-pkinit installed? Are there any security issues to have that authentication working without the krb5-init? Best, Francis -- Francis Augusto Medeiros-Logeay Oslo, Norway

2 months, 1 week

2
3
0 / 0

Slow logons, incomplete information returned

by Johnnie W Adams

Hi, folks, I've got a double-barrelled problem. We're an RHEL shop with mostly RHEL 7 machines authenticating via sssd against LDAP which has, for a few weeks now, been undergoing very slow logons. Now we are also seeing incomplete information being returned from id -G. I've trimmed down a test case to eliminate every other variable I can find, and I'm left with sssd as my focal point. Any thoughts on where to start with this very puzzling, very annoying problem. Thanks, John A -- John Adams Senior Linux/Middleware Administrator | Information Technology Services +1-501-916-3010 | jxadams(a)ualr.edu | http://ualr.edu/itservices *UA Little Rock* Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that come via email, even from known contacts. For more information or to report suspicious email, visit IT Security <http://ualr.edu/itservices/security/>.

2 months, 1 week

3
9
0 / 0

IdM/IPA id: no such user

by Jeremy Tourville

We are running IPA ver. 4.9.11 We have noted that several client machines are unable to login. When running the id command we get "id: 'user_whoever': no such user. When testing the id command on our IPA server for the same user we don't have any errors. The errors seem to be limited strictly to the client machines, and only a small subset of client machines. We have taken the following steps in efforts to troubleshoot. #1 Confirm time and date #2 Confirm resolv.conf for nameservers and search domains #3 Stop sssd and clear the cache with rm -f /var/lib/sss/db/* Then, restart sssd and attempt login again. #4 If #3 does not fix the issue, uninstall the ipa-client and reinstall it. #5 Lastly, turn on debug logging for SSSD to get a better idea of what is failing. Here is a recent debug log I was able to capture. Prior to capturing logs I ran a few commands so I'd have a clean set of log files to work from. sssctl debug-level 7 sssctl logs-remove date; id jtourville.sa; date [root@gsil-72-ld05 sssd]# cat sssd_idm.gsil.org.log | grep 13:45:56 (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_list_next] (0x0040): [RID#5] s2n exop request failed. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipaAssociation * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_deref] (0x4000): Dereferenced objectClass value: top * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_x_deref_parse_entry] (0x0400): All deref results from a single control parsed * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf1c810], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x2000): Total count [0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): Operation 7 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_hostgroup_info_done] (0x0200): Dereferenced host group: admin * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_sudo_fetch_rules] (0x0400): About to fetch sudo rules * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_search_bases_ex_next_base] (0x0400): Issuing LDAP lookup with base [cn=sudo,dc=idm,dc=gsil,dc=org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipasudorule)(ipaEnabledFlag=TRUE)(|(&(!(memberHost=*))(cn=defaults))(hostCategory=ALL)(memberHost=fqdn=gsil-72-ld05.idm.gsil.org,cn=computers,cn=accounts,dc=idm,dc=gsil,dc=org)(memberHost=cn=admin,cn=hostgroups,cn=accounts,dc=idm,dc=gsil,dc=org)))][cn=sudo,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaEnabledFlag] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSudoOpt] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSudoRunAs] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSudoRunAsGroup] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberAllowCmd] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberDenyCmd] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberHost] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberUser] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoNotAfter] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoNotBefore] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoOrder] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cmdCategory] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [hostCategory] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userCategory] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSudoRunAsUserCategory] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSudoRunAsGroupCategory] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSudoRunAsExtUser] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSudoRunAsExtGroup] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSudoRunAsExtUserGroup] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [externalUser] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 9 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): New operation 9 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf2f7a0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf2f7a0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): [RID#1] OriginalDN: [cn=certmap,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [cn] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaCertMapPromptUserName] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf2f7a0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf2f7a0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): [RID#1] Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#1] Operation 8 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_setup_certmap] (0x4000): [RID#1] No certmap data, nothing to do. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_search_bases_ex_next_base] (0x0400): [RID#1] Issuing LDAP lookup with base [cn=ad,cn=etc,dc=idm,dc=gsil,dc=org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x0400): [RID#1] calling ldap_search_ext with [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [cn] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaNTFlatName] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaNTSecurityIdentifier] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaNTAdditionalSuffixes] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x2000): [RID#1] ldap_search_ext called, msgid = 10 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#1] New operation 10 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf1c810], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): OriginalDN: [ipaUniqueID=654fce08-9b26-11ed-bc47-4cd98f8477ec,cn=sudorules,cn=sudo,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaEnabledFlag] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [memberUser] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [hostCategory] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [entryUSN] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf1c810], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): OriginalDN: [ipaUniqueID=8a5b0d84-9b26-11ed-bf94-4cd98f8477ec,cn=sudorules,cn=sudo,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaEnabledFlag] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [memberUser] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [cmdCategory] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [hostCategory] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [entryUSN] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf1c810], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf1c810], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): OriginalDN: [ipaUniqueID=1a3726e4-bde7-11ed-8481-4cd98f8477ec,cn=sudorules,cn=sudo,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [cn] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaEnabledFlag] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaSudoOpt] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [memberAllowCmd] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [memberUser] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [hostCategory] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [entryUSN] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf1c810], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf1c810], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x2000): Total count [0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): Operation 9 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_search_bases_ex_done] (0x0400): Receiving data from base [cn=sudo,dc=idm,dc=gsil,dc=org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_sudo_fetch_rules_done] (0x0200): Received 3 sudo rules * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_rulemember] (0x2000): Found sudo command ipaUniqueID=5d6883f8-95e8-11ed-ba8b-4cd98f846d52,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_rulemember] (0x2000): Found sudo command ipaUniqueID=63568d46-95e8-11ed-8cd7-4cd98f846d52,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_rulemember] (0x2000): Found sudo command ipaUniqueID=e4519194-bde7-11ed-83ee-4cd98f8477ec,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_rulemember] (0x2000): Found sudo command ipaUniqueID=966fbc12-bde7-11ed-88e3-4cd98f8477ec,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_rulemember] (0x2000): Found sudo command ipaUniqueID=95eea702-265c-11ee-8f67-4cd98f846d52,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_rulemember] (0x2000): Found sudo command ipaUniqueID=81f7f046-265c-11ee-955c-4cd98f846d52,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_sudo_fetch_cmdgroups] (0x0400): About to fetch sudo command groups * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_sudo_fetch_cmdgroups] (0x0400): No command groups needs to be downloaded * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_sudo_fetch_cmds] (0x0400): About to fetch sudo commands * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_search_bases_ex_next_base] (0x0400): Issuing LDAP lookup with base [cn=sudo,dc=idm,dc=gsil,dc=org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipasudocmd)(|(ipaUniqueID=81f7f046-265c-11ee-955c-4cd98f846d52)(ipaUniqueID=5d6883f8-95e8-11ed-ba8b-4cd98f846d52)(ipaUniqueID=e4519194-bde7-11ed-83ee-4cd98f8477ec)(ipaUniqueID=95eea702-265c-11ee-8f67-4cd98f846d52)(ipaUniqueID=63568d46-95e8-11ed-8cd7-4cd98f846d52)(ipaUniqueID=966fbc12-bde7-11ed-88e3-4cd98f8477ec)))][cn=sudo,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoCmd] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 11 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): New operation 11 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf1bbe0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf1bbe0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): [RID#1] OriginalDN: [cn=idm.gsil.org,cn=ad,cn=etc,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [cn] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaNTFlatName] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaNTSecurityIdentifier] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf1bbe0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf1bbe0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): [RID#1] Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#1] Operation 10 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_search_bases_ex_done] (0x0400): [RID#1] Receiving data from base [cn=ad,cn=etc,dc=idm,dc=gsil,dc=org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_search_bases_ex_next_base] (0x0400): [RID#1] Issuing LDAP lookup with base [cn=trusts,dc=idm,dc=gsil,dc=org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x0400): [RID#1] calling ldap_search_ext with [objectclass=ipaNTTrustedDomain][cn=trusts,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [cn] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaNTFlatName] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaNTTrustedDomainSID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaNTTrustDirection] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaNTAdditionalSuffixes] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaNTSIDBlacklistIncoming] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x2000): [RID#1] ldap_search_ext called, msgid = 12 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#1] New operation 12 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): OriginalDN: [ipaUniqueID=5d6883f8-95e8-11ed-ba8b-4cd98f846d52,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [sudoCmd] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): OriginalDN: [ipaUniqueID=63568d46-95e8-11ed-8cd7-4cd98f846d52,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [sudoCmd] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): OriginalDN: [ipaUniqueID=966fbc12-bde7-11ed-88e3-4cd98f8477ec,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [sudoCmd] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): OriginalDN: [ipaUniqueID=e4519194-bde7-11ed-83ee-4cd98f8477ec,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [sudoCmd] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): OriginalDN: [ipaUniqueID=81f7f046-265c-11ee-955c-4cd98f846d52,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [sudoCmd] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): [RID#1] OriginalDN: [cn=gsil.org,cn=ad,cn=trusts,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [cn] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaNTFlatName] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaNTTrustedDomainSID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaNTTrustDirection] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaNTSIDBlacklistIncoming] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): OriginalDN: [ipaUniqueID=95eea702-265c-11ee-8f67-4cd98f846d52,cn=sudocmds,cn=sudo,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [sudoCmd] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf4e1e0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): [RID#1] Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#1] Operation 12 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_search_bases_ex_done] (0x0400): [RID#1] Receiving data from base [cn=trusts,dc=idm,dc=gsil,dc=org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_subdom_is_member_dom] (0x0400): [RID#1] 4th component is not 'trust', not a member domain * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_subdom_get_forest] (0x2000): [RID#1] The forest name is gsil.org * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_subdom_store] (0x0400): [RID#1] Range mpg mode for gsil.org: default * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_idmap_check_posix_child] (0x4000): [RID#1] Idmap of domain [S-1-5-21-3568498085-2952124370-1649233135] already known, nothing to do. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_subdom_store] (0x0400): [RID#1] Domain mpg mode for gsil.org: true * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_enable_enterprise_principals] (0x4000): [RID#1] checking [idm.gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_enable_enterprise_principals] (0x4000): [RID#1] No UPN suffixes found, no need to enable enterprise principals. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_subdom_reinit] (0x2000): [RID#1] Re-initializing domain idm.gsil.org * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_write_krb5_localauth_snippet] (0x0200): [RID#1] File for localauth plugin configuration is [/var/lib/sss/pubconf/krb5.include.d/localauth_plugin] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_write_krb5_libdefaults_snippet] (0x0200): [RID#1] File for KRB5 kibdefaults configuration is [/var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [new_subdomain] (0x0400): [RID#1] Creating [gsil.org] as subdomain of [idm.gsil.org]! * (2023-09-13 13:45:56): [be[idm.gsil.org]] [check_subdom_config_file] (0x0100): [RID#1] config/domain/idm.gsil.org/gsil.org/use_fully_qualified_names has value TRUE * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [link_forest_roots] (0x2000): [RID#1] [idm.gsil.org] is a forest root * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [link_forest_roots] (0x2000): [RID#1] [gsil.org] is a forest root * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_write_domain_mappings] (0x0200): [RID#1] Mapping file for domain [idm.gsil.org] is [/var/lib/sss/pubconf/krb5.include.d/domain_realm_idm_gsil_org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_subdomains_check_domain_state] (0x4000): [RID#1] Domain [gsil.org] is enabled on the server. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_deref_bases_ex_next_base] (0x0400): [RID#1] Issuing LDAP deref lookup with base [cn=accounts,dc=idm,dc=gsil,dc=org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_deref_search_with_filter_send] (0x2000): [RID#1] Server supports OpenLDAP deref * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_x_deref_search_send] (0x0400): [RID#1] Dereferencing entry [cn=accounts,dc=idm,dc=gsil,dc=org] using OpenLDAP deref * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x0400): [RID#1] calling ldap_search_ext with [(&(objectClass=ipaHost)(fqdn=gsil-72-ld05.idm.gsil.org))][cn=accounts,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [cn] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x2000): [RID#1] ldap_search_ext called, msgid = 13 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#1] New operation 13 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf40070], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x2000): Total count [0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): Operation 11 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_search_bases_ex_done] (0x0400): Receiving data from base [cn=sudo,dc=idm,dc=gsil,dc=org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_sudo_fetch_cmds_done] (0x0200): Received 6 sudo commands * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_sudo_fetch_done] (0x0400): About to convert rules * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_done] (0x4000): releasing operation connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_sudo_purge_all] (0x0400): Deleting all cached sudo rules * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_sudo_store_rule] (0x0400): Adding sudo rule MISC root (ALL) (ALL) * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_sudo_store_rule] (0x0400): Adding sudo rule IMON root (ALL) (ALL) * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_sudo_store_rule] (0x0400): Adding sudo rule !authenticate * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_sudo_set_usn] (0x0200): SUDO higher USN value: [3585558] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_sudo_refresh_done] (0x0400): Sudo rules are successfully stored in cache * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo rules * (2023-09-13 13:45:56): [be[idm.gsil.org]] [be_ptask_postpone] (0x0400): Task [SUDO Smart Refresh]: rescheduling task * (2023-09-13 13:45:56): [be[idm.gsil.org]] [be_ptask_schedule] (0x0400): Task [SUDO Smart Refresh]: scheduling task 900 seconds from now [1694613656] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [be_ptask_done] (0x0400): Task [SUDO Full Refresh]: finished successfully * (2023-09-13 13:45:56): [be[idm.gsil.org]] [be_ptask_schedule] (0x0400): Task [SUDO Full Refresh]: scheduling task 21600 seconds from last execution time [1694634356] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf40070], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_x_deref_parse_entry] (0x0400): [RID#1] Got deref control * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_x_deref_parse_entry] (0x0400): [RID#1] All deref results from a single control parsed * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf40070], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): [RID#1] Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x2000): [RID#1] Total count [0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#1] Operation 13 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_deref_bases_ex_done] (0x0400): [RID#1] Receiving data from base [cn=accounts,dc=idm,dc=gsil,dc=org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_subdomains_view_name_done] (0x0400): [RID#1] No view found, using default. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_apply_view] (0x4000): [RID#1] read_at_init [false] current view [(null)] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_apply_view] (0x0400): [RID#1] View name changed to [default]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_set_state] (0x1000): [RID#1] Domain gsil.org is Disabled * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_set_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [link_forest_roots] (0x2000): [RID#1] [idm.gsil.org] is a forest root * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [link_forest_roots] (0x2000): [RID#1] [gsil.org] is a forest root * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#1] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x0400): [RID#1] calling ldap_search_ext with [no filter][cn=default,cn=views,cn=accounts,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaDomainResolutionOrder] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x2000): [RID#1] ldap_search_ext called, msgid = 14 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#1] New operation 14 timeout 60 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf16f60], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf16f60], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): [RID#1] Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#1] Operation 14 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x0400): [RID#1] calling ldap_search_ext with [(&(cn=ipaConfig)(objectClass=ipaGuiConfig))][cn=etc,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: [ipaDomainResolutionOrder] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x2000): [RID#1] ldap_search_ext called, msgid = 15 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#1] New operation 15 timeout 60 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf16f60], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf16f60], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_ENTRY] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_entry] (0x1000): [RID#1] OriginalDN: [cn=ipaConfig,cn=etc,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_parse_range] (0x2000): [RID#1] No sub-attributes for [ipaDomainResolutionOrder] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf16f60], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [be_ptask_online_cb] (0x0400): Back end is online * (2023-09-13 13:45:56): [be[idm.gsil.org]] [be_ptask_enable] (0x0080): Task [Subdomains Refresh]: already enabled * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf16f60], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#1] Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): [RID#1] Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#1] Operation 15 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_done] (0x4000): [RID#1] releasing operation connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_conn_data_idle] (0x4000): [RID#1] Marking connection as idle * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_get_options] (0x0400): [RID#1] Option ad_server has no value * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_get_options] (0x0400): [RID#1] Option ad_site has no value * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_subdomains_write_kdcinfo_domain_step] (0x2000): [RID#1] No site or server defined for gsil.org, skipping * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_done] (0x0400): [RID#1] DP Request [Subdomains #1]: Request handler finished [0]: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [_dp_req_recv] (0x0400): [RID#1] DP Request [Subdomains #1]: Receiving request data. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_destructor] (0x0400): [RID#1] DP Request [Subdomains #1]: Request removed. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_destructor] (0x0400): [RID#1] Number of active DP request: 0 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_reply_std] (0x1000): [RID#1] DP Request [Subdomains #1]: Returning [Success]: 0,0,Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): sssd.dataprovider.getDomains: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): sssd.dataprovider.getDomains: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): sssd.dataprovider.getDomains: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): sssd.dataprovider.getDomains: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[(nil)], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_server_new_connection] (0x0200): Adding connection 0x56184cf02e70. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path / * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Introspectable on path /* * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path / * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_router_add_path] (0x0400): Registering interface org.freedesktop.DBus.Properties on path /* * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_watch_add] (0x2000): Created a disabled -/W watch on 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_client_init] (0x0100): Set-up Backend ID timeout [0x56184cf16f60] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_watch_toggle] (0x4000): Toggle to disabled R/- watch on 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_watch_toggle] (0x4000): Toggle to enabled -/W watch on 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_watch_toggle] (0x4000): Toggle to enabled R/- watch on 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_watch_toggle] (0x4000): Toggle to disabled -/W watch on 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.Hello on /org/freedesktop/DBus * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_server_bus_hello] (0x4000): Assigning unique name :1.6 to connection 0x56184cedc5b0 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.Hello: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_name_owner_changed] (0x4000): Name of owner :1.6 has changed from [] to [:1.6] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.RequestName on /org/freedesktop/DBus * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_server_bus_request_name] (0x0400): Requesting name: sssd.pac * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.RequestName: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.pac has changed from [] to [sssd.pac] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.AddMatch on /org/freedesktop/DBus * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.6: org.freedesktop.DBus.NameOwnerChanged * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_match_rule_add] (0x4000): Adding match rule for :1.6: org.freedesktop.DBus.NameAcquired * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.AddMatch: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.DataProvider.Client.Register on /sssd * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pac] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_method_handler] (0x2000): Received D-Bus method org.freedesktop.DBus.GetConnectionUnixUser on /org/freedesktop/DBus * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.GetConnectionUnixUser: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pac] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_senders_add] (0x2000): Inserting identity of sender [sssd.pac]: 0 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_client_register] (0x0100): Added Frontend client [pac] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_client_register] (0x0100): Cancel DP ID timeout [0x56184cf16f60] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): sssd.DataProvider.Client.Register: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_name_owner_changed] (0x4000): Name of owner :1.7 has changed from [] to [:1.7] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_signal_handler] (0x2000): Received D-Bus signal org.freedesktop.DBus.NameOwnerChanged on /org/freedesktop/DBus * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_name_owner_changed] (0x4000): Name of owner sssd.pac has changed from [] to [sssd.pac] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): org.freedesktop.DBus.NameOwnerChanged: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.getDomains on /sssd * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.pac] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_attach_req] (0x0400): [RID#2] DP Request [Subdomains #2]: REQ_TRACE: New request. Flags [0000]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_attach_req] (0x0400): [RID#2] Number of active DP request: 1 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_subdomains_handler_send] (0x0400): [RID#2] Subdomains were recently refreshed, nothing to do * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_done] (0x0400): [RID#2] DP Request [Subdomains #2]: Request handler finished [0]: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [_dp_req_recv] (0x0400): [RID#2] DP Request [Subdomains #2]: Receiving request data. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_destructor] (0x0400): [RID#2] DP Request [Subdomains #2]: Request removed. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_destructor] (0x0400): [RID#2] Number of active DP request: 0 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_reply_std] (0x1000): [RID#2] DP Request [Subdomains #2]: Returning [Success]: 0,0,Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): sssd.dataprovider.getDomains: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [be_ptask_online_cb] (0x0400): Back end is online * (2023-09-13 13:45:56): [be[idm.gsil.org]] [be_ptask_enable] (0x0080): Task [SUDO Smart Refresh]: already enabled * (2023-09-13 13:45:56): [be[idm.gsil.org]] [be_ptask_online_cb] (0x0400): Back end is online * (2023-09-13 13:45:56): [be[idm.gsil.org]] [be_ptask_enable] (0x0080): Task [SUDO Full Refresh]: already enabled * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.getAccountInfo on /sssd * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.nss] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_get_account_info_send] (0x0200): Got request for [0x1][BE_REQ_USER][name=sssd(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_attach_req] (0x0400): [RID#3] DP Request [Account #3]: REQ_TRACE: New request. [sssd.nss CID #1] Flags [0x0001]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_attach_req] (0x0400): [RID#3] Number of active DP request: 1 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#3] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#3] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#3] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#3] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_connect_step] (0x4000): [RID#3] reusing cached connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_conn_data_not_idle] (0x4000): [RID#3] Marking connection as not idle * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_connect_step] (0x4000): [RID#3] reusing cached connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_conn_data_not_idle] (0x4000): [RID#3] Marking connection as not idle * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_get_ad_override_connect_done] (0x4000): [RID#3] Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaUserOverride)(uid=sssd))]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x0400): [RID#3] calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=sssd))][cn=Default Trust View,cn=views,cn=accounts,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x2000): [RID#3] ldap_search_ext called, msgid = 16 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#3] New operation 16 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf18500], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#3] Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): [RID#3] Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#3] Operation 16 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_get_ad_override_done] (0x4000): [RID#3] No override found with filter [(&(objectClass=ipaUserOverride)(uid=sssd))]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_destroy] (0x4000): [RID#3] releasing operation connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#3] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#3] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_connect_step] (0x4000): [RID#3] reusing cached connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_conn_data_not_idle] (0x4000): [RID#3] Marking connection as not idle * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_acct_info_send] (0x0400): [RID#3] Sending request_type: [REQ_FULL_WITH_MEMBERS] for trust user [sssd] to IPA server * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x0400): [RID#3] Executing extended operation * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x2000): [RID#3] ldap_extended_operation sent, msgid = 17 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#3] New operation 17 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf18500], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf18500], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#3] Message type: [LDAP_RES_EXTENDED] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_done] (0x0400): [RID#3] ldap_extended_operation result: No such object(32), (null). * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#3] Operation 17 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#3] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_cache_search_groups] (0x2000): [RID#3] Search groups with filter: (&(objectCategory=group)(ghost=sssd(a)gsil.org)) * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_cache_search_groups] (0x2000): [RID#3] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_delete_user] (0x0400): [RID#3] Error: 2 (No such file or directory) * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_done] (0x4000): [RID#3] releasing operation connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_destroy] (0x4000): [RID#3] releasing operation connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_conn_data_idle] (0x4000): [RID#3] Marking connection as idle * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_done] (0x0400): [RID#3] DP Request [Account #3]: Request handler finished [0]: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [_dp_req_recv] (0x0400): [RID#3] DP Request [Account #3]: Receiving request data. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_destructor] (0x0400): [RID#3] DP Request [Account #3]: Request removed. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_destructor] (0x0400): [RID#3] Number of active DP request: 0 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_reply_std] (0x1000): [RID#3] DP Request [Account #3]: Returning [Success]: 0,0,Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): sssd.dataprovider.getAccountInfo: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[(nil)], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.getAccountInfo on /sssd * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.nss] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_get_account_info_send] (0x0200): Got request for [0x1][BE_REQ_USER][name=sssd(a)idm.gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_attach_req] (0x0400): [RID#4] DP Request [Account #4]: REQ_TRACE: New request. [sssd.nss CID #1] Flags [0x0001]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_attach_req] (0x0400): [RID#4] Number of active DP request: 1 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#4] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#4] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_connect_step] (0x4000): [RID#4] reusing cached connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_conn_data_not_idle] (0x4000): [RID#4] Marking connection as not idle * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_search_user_next_base] (0x0400): [RID#4] Searching for users with base [cn=accounts,dc=idm,dc=gsil,dc=org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x0400): [RID#4] calling ldap_search_ext with [(&(uid=sssd)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [objectClass] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [uid] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [userPassword] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [uidNumber] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [gidNumber] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [gecos] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [homeDirectory] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [loginShell] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [krbPrincipalName] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [cn] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [memberOf] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [ipaUniqueID] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [ipaNTSecurityIdentifier] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [modifyTimestamp] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [entryUSN] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [shadowLastChange] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [shadowMin] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [shadowMax] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [shadowWarning] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [shadowInactive] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [shadowExpire] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [shadowFlag] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [krbLastPwdChange] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [krbPasswordExpiration] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [pwdAttribute] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [authorizedService] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [accountExpires] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [userAccountControl] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [nsAccountLock] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [host] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [loginDisabled] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [loginExpirationTime] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [loginAllowedTimeMap] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [ipaSshPubKey] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [ipaUserAuthType] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [userCertificate;binary] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x1000): [RID#4] Requesting attrs: [mail] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x2000): [RID#4] ldap_search_ext called, msgid = 18 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#4] New operation 18 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf18500], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#4] Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): [RID#4] Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#4] Operation 18 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_search_user_process] (0x0400): [RID#4] Search for users, returned 0 results. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_search_user_process] (0x2000): [RID#4] Retrieved total 0 users * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_done] (0x4000): [RID#4] releasing operation connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_conn_data_idle] (0x4000): [RID#4] Marking connection as idle * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#4] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_cache_search_groups] (0x2000): [RID#4] Search groups with filter: (&(objectCategory=group)(ghost=sssd(a)idm.gsil.org)) * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_cache_search_groups] (0x2000): [RID#4] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_delete_user] (0x0400): [RID#4] Error: 2 (No such file or directory) * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#4] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_object_from_cache] (0x0200): [RID#4] Object wasn't found in cache * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_id_get_account_info_orig_done] (0x0080): [RID#4] Object not found, ending request * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_done] (0x0400): [RID#4] DP Request [Account #4]: Request handler finished [0]: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [_dp_req_recv] (0x0400): [RID#4] DP Request [Account #4]: Receiving request data. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_destructor] (0x0400): [RID#4] DP Request [Account #4]: Request removed. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_destructor] (0x0400): [RID#4] Number of active DP request: 0 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_req_reply_std] (0x1000): [RID#4] DP Request [Account #4]: Returning [Success]: 0,0,Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_issue_request_done] (0x0400): sssd.dataprovider.getAccountInfo: Success * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[(nil)], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_dispatch] (0x4000): Dispatching. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_method_handler] (0x2000): Received D-Bus method sssd.dataprovider.getAccountInfo on /sssd * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sbus_senders_lookup] (0x2000): Looking for identity of sender [sssd.nss] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_get_account_info_send] (0x0200): Got request for [0x1][BE_REQ_USER][name=jtourville.sa(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_attach_req] (0x0400): [RID#5] DP Request [Account #5]: REQ_TRACE: New request. [sssd.nss CID #2] Flags [0x0001]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [dp_attach_req] (0x0400): [RID#5] Number of active DP request: 1 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_connect_step] (0x4000): [RID#5] reusing cached connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_conn_data_not_idle] (0x4000): [RID#5] Marking connection as not idle * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_connect_step] (0x4000): [RID#5] reusing cached connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_conn_data_not_idle] (0x4000): [RID#5] Marking connection as not idle * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_get_ad_override_connect_done] (0x4000): [RID#5] Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaUserOverride)(uid=jtourville.sa))]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x0400): [RID#5] calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=jtourville.sa))][cn=Default Trust View,cn=views,cn=accounts,dc=idm,dc=gsil,dc=org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_ext_step] (0x2000): [RID#5] ldap_search_ext called, msgid = 19 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#5] New operation 19 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf0cc50], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#5] Message type: [LDAP_RES_SEARCH_RESULT] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_get_generic_op_finished] (0x0400): [RID#5] Search result: Success(0), no errmsg set * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#5] Operation 19 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_get_ad_override_done] (0x4000): [RID#5] No override found with filter [(&(objectClass=ipaUserOverride)(uid=jtourville.sa))]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_destroy] (0x4000): [RID#5] releasing operation connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_op_connect_step] (0x4000): [RID#5] reusing cached connection * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_id_conn_data_not_idle] (0x4000): [RID#5] Marking connection as not idle * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_acct_info_send] (0x0400): [RID#5] Sending request_type: [REQ_FULL_WITH_MEMBERS] for trust user [jtourville.sa] to IPA server * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x0400): [RID#5] Executing extended operation * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x2000): [RID#5] ldap_extended_operation sent, msgid = 20 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#5] New operation 20 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf0cc50], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf0cc50], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#5] Message type: [LDAP_RES_EXTENDED] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_done] (0x0400): [RID#5] ldap_extended_operation result: Success(0), (null). * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#5] Operation 20 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [add_v1_user_data] (0x4000): [RID#5] BER tag is [48] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Found new sequence. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [objectSIDString]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [userPrincipalName]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [adAccountExpires]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [adUserAccountControl]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [originalDN]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [originalMemberOf]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [originalMemberOf]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [originalMemberOf]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [originalMemberOf]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [originalMemberOf]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [originalMemberOf]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_user_done] (0x0400): [RID#5] Received [8] groups in group list from IPA Server * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_user_done] (0x0400): [RID#5] [jtourville.sa(a)gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_user_done] (0x0400): [RID#5] [aci_shareaccess(a)gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_user_done] (0x0400): [RID#5] [gsil_na7(a)gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_user_done] (0x0400): [RID#5] [xt_sa(a)gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_user_done] (0x0400): [RID#5] [domain users(a)gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_user_done] (0x0400): [RID#5] [sudo-all-admin(a)idm.gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_user_done] (0x0400): [RID#5] [admins(a)idm.gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_user_done] (0x0400): [RID#5] [allow-general(a)idm.gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_list_step] (0x0400): [RID#5] Sending request_type: [REQ_FULL_WITH_MEMBERS] for object [jtourville.sa(a)gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x0400): [RID#5] Executing extended operation * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x2000): [RID#5] ldap_extended_operation sent, msgid = 21 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#5] New operation 21 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf0cc50], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf0cc50], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#5] Message type: [LDAP_RES_EXTENDED] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_done] (0x0400): [RID#5] ldap_extended_operation result: Success(0), (null). * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#5] Operation 21 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [add_v1_group_data] (0x4000): [RID#5] BER tag is [48] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Found new sequence. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [objectSIDString]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_list_next] (0x0400): [RID#5] Received [jtourville.sa(a)gsil.org] attributes from IPA server. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_save_objects] (0x0400): [RID#5] Processing group jtourville.sa(a)gsil.org * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_check_ts_cache] (0x2000): [RID#5] Cannot find TS cache entry for [name=jtourville.sa(a)gsil.org,cn=groups,cn=gsil.org,cn=sysdb]: [2]: No such file or directory * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_check_and_update_ts_cache] (0x2000): [RID#5] No timestamps entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_store_group] (0x1000): [RID#5] Group jtourville.sa(a)gsil.org does not exist. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_user_by_uid] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_group_by_id] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_ldb_msg_difference] (0x2000): [RID#5] Added attr [objectSIDString] to entry [name=jtourville.sa(a)gsil.org,cn=groups,cn=gsil.org,cn=sysdb] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_set_entry_attr] (0x0200): [RID#5] Entry [name=jtourville.sa(a)gsil.org,cn=groups,cn=gsil.org,cn=sysdb] has set [cache, ts_cache] attrs. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_store_group] (0x0400): [RID#5] Group "jtourville.sa(a)gsil.org" has been stored * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_list_step] (0x0400): [RID#5] Sending request_type: [REQ_FULL_WITH_MEMBERS] for object [aci_shareaccess(a)gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x0400): [RID#5] Executing extended operation * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x2000): [RID#5] ldap_extended_operation sent, msgid = 22 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#5] New operation 22 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf00f40], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf00f40], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#5] Message type: [LDAP_RES_EXTENDED] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_done] (0x0400): [RID#5] ldap_extended_operation result: Success(0), (null). * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#5] Operation 22 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [add_v1_group_data] (0x4000): [RID#5] BER tag is [48] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Found new sequence. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [objectSIDString]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_list_next] (0x0400): [RID#5] Received [aci_shareaccess(a)gsil.org] attributes from IPA server. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_save_objects] (0x0400): [RID#5] Processing group aci_shareaccess(a)gsil.org * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_members] (0x4000): [RID#5] Adding ghost member [jpayne.sa(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_members] (0x4000): [RID#5] Adding ghost member [wthompson.sa(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_members] (0x4000): [RID#5] Adding ghost member [jroman.sa(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_members] (0x4000): [RID#5] Adding ghost member [aspaugh.sa(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_members] (0x4000): [RID#5] Adding ghost member [jtourville.sa(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_members] (0x4000): [RID#5] Adding ghost member [sil2(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_check_ts_cache] (0x2000): [RID#5] Cannot find TS cache entry for [name=aci_shareaccess(a)gsil.org,cn=groups,cn=gsil.org,cn=sysdb]: [2]: No such file or directory * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_check_and_update_ts_cache] (0x2000): [RID#5] No timestamps entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_store_group] (0x1000): [RID#5] Group aci_shareaccess(a)gsil.org does not exist. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_user_by_uid] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_group_by_id] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_ldb_msg_difference] (0x2000): [RID#5] Added attr [objectSIDString] to entry [name=aci_shareaccess(a)gsil.org,cn=groups,cn=gsil.org,cn=sysdb] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_set_entry_attr] (0x0200): [RID#5] Entry [name=aci_shareaccess(a)gsil.org,cn=groups,cn=gsil.org,cn=sysdb] has set [cache, ts_cache] attrs. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_store_group] (0x0400): [RID#5] Group "aci_shareaccess(a)gsil.org" has been stored * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_list_step] (0x0400): [RID#5] Sending request_type: [REQ_FULL_WITH_MEMBERS] for object [gsil_na7(a)gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x0400): [RID#5] Executing extended operation * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x2000): [RID#5] ldap_extended_operation sent, msgid = 23 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#5] New operation 23 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf46b40], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf46b40], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#5] Message type: [LDAP_RES_EXTENDED] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_done] (0x0400): [RID#5] ldap_extended_operation result: Success(0), (null). * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#5] Operation 23 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [add_v1_group_data] (0x4000): [RID#5] BER tag is [48] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Found new sequence. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [get_extra_attrs] (0x4000): [RID#5] Extra attribute [objectSIDString]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_list_next] (0x0400): [RID#5] Received [gsil_na7(a)gsil.org] attributes from IPA server. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_save_objects] (0x0400): [RID#5] Processing group gsil_na7(a)gsil.org * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_members] (0x4000): [RID#5] Adding ghost member [na7user(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_members] (0x4000): [RID#5] Adding ghost member [wthompson.sa(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_members] (0x4000): [RID#5] Adding ghost member [jroman.sa(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [process_members] (0x4000): [RID#5] Adding ghost member [jtourville.sa(a)gsil.org] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_check_ts_cache] (0x2000): [RID#5] Cannot find TS cache entry for [name=gsil_na7(a)gsil.org,cn=groups,cn=gsil.org,cn=sysdb]: [2]: No such file or directory * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_check_and_update_ts_cache] (0x2000): [RID#5] No timestamps entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_store_group] (0x1000): [RID#5] Group gsil_na7(a)gsil.org does not exist. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_by_name] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_user_by_uid] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_search_group_by_id] (0x0400): [RID#5] No such entry * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_ldb_msg_difference] (0x2000): [RID#5] Added attr [objectSIDString] to entry [name=gsil_na7(a)gsil.org,cn=groups,cn=gsil.org,cn=sysdb] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_set_entry_attr] (0x0200): [RID#5] Entry [name=gsil_na7(a)gsil.org,cn=groups,cn=gsil.org,cn=sysdb] has set [cache, ts_cache] attrs. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sysdb_store_group] (0x0400): [RID#5] Group "gsil_na7(a)gsil.org" has been stored * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain idm.gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sss_domain_get_state] (0x1000): [RID#5] Domain gsil.org is Active * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_list_step] (0x0400): [RID#5] Sending request_type: [REQ_FULL_WITH_MEMBERS] for object [xt_sa(a)gsil.org]. * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x0400): [RID#5] Executing extended operation * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_send] (0x2000): [RID#5] ldap_extended_operation sent, msgid = 24 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_add] (0x2000): [RID#5] New operation 24 timeout 6 * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf47ff0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: end of ldap_result list * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_result] (0x2000): Trace: sh[0x56184ceda180], connected[1], ops[0x56184cf47ff0], ldap[0x56184ceeadb0] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_process_message] (0x4000): [RID#5] Message type: [LDAP_RES_EXTENDED] * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_exop_done] (0x0400): [RID#5] ldap_extended_operation result: No such object(32), (null). * (2023-09-13 13:45:56): [be[idm.gsil.org]] [sdap_op_destructor] (0x2000): [RID#5] Operation 24 finished * (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_list_next] (0x0040): [RID#5] s2n exop request failed. (2023-09-13 13:45:56): [be[idm.gsil.org]] [ipa_s2n_get_list_done] (0x0040): [RID#5] s2n get_fqlist request failed. Can anyone assist and help me figure out what is going wrong? Many thanks in advance!

2 months, 2 weeks

2
3
0 / 0

Offline auth with id provider files auth provider krb5

by Techie

Hi Trying to use cached creds with local users in the passwd file authenticating via kerberos. I have id_provider set to files and auth_provider set to krb5(AD DC). Online authentication works fine however when I disconnect the network authentication fails. The computer is not joined to a domain, I am only leveraging the domain/realm for authentication purposes Relevant entries [pam] offline_credentials_expiration = 7 [domain] cache_credentials=true account_cache_expiration=8 id_provider=files auth_provider=krb5 krb5_server=srva.example.com krb5_kpasswd=srva.example.com krb5_realm=EXAMPLE.COM dns_discovery_domain=EXAMPLE.COM krb5_store_password_if_offline=true Is this a supported configuration for offline logins with cached credentials? Thanks

2 months, 2 weeks

1
0
0 / 0

[SSSD] Announcing SSSD 2.9.2

by Pavel Březina

# SSSD 2.9.2 The SSSD team is announcing the release of version 2.9.2 of the System Security Services Daemon. The tarball can be downloaded from: https://github.com/SSSD/sssd/releases/tag/2.9.2 See the full release notes at: https://sssd.io/release-notes/sssd-2.9.2.html RPM packages will be made available for Fedora shortly. ## Feedback Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users ## Highlights SSSD 2.9 branch is now in long-term maintenance (LTM) phase. ### General information * `libkrb5-1.21` can now be used to build PAC plugin. * `sssctl cert-show` and `cert-show cert-eval-rule` can now be run as non-root user. ### Important fixes * SSSD does no longer crash if PIN is introduced but the tactile trigger isn't pressed during passkey authentication. * SSSD can now recover if memory-cache files under `/var/lib/sss/mc` where truncated while SSSD is running. * Chaining of identical D-Bus requests that run in parallel to avoid multiple backend queries works again. ### Configuration changes * New option `local_auth_policy` is added to control which offline authentication methods will be enabled by SSSD. This option is relevant for authentication methods which have online, and offline capability such as passkey, and smartcard authentication. The default value `match` sets the offline methods to their corresponding online value. This enables offline authentication when online kerberos pre-authentication such as PKINIT, or passkey is supported by the backend, note that online methods will still be attempted first. Option value `only` can be used to disable online authentication entirely, or the value `enable:method` to explicitly enable specific authentication methods, e.g. `enable:passkey`.

2 months, 3 weeks

1
0
0 / 0

sssd in connection with LDAP, Kerberos and NFSv4

by Gerion Entrup

Hi, we want to setup several PCs in a way that they are accessible by different (untrusted, i.e. not with root rights) people. In principal, the requirements are: - Each person gets an unique (UNIX) account that is managed at a server. - Each person gets a home directory that is shared across all PCs, comes from a central server. Ideally, the home directory is only mounted when someone logs in and checks in the process the authenticity of the user, the authenticity of the client and that of the server. - Ideally, one person is not able to access any data from the other person. - The PCs should authenticate to the server. All communication should be encrypted (at least all communication regarding authentication). - I should hold that only a user with a valid account can login on a PC with a valid key and mount data from a server with a valid key. This seems to be a classical problem for LDAP, Kerberos, NFSv4 with sssd as the client side daemon to manage all that. However, I'm not quite sure, if I understood the interworkings completely and if sssd is capable of working in the wanted way. - We have an LDAP database which stores the users (of class posixAccount). - We have set up a Kerberos daemon which uses this LDAP as database. - We have set up an NFSv4 server that has an Kerberos principal and a keytab. In my understanding the next steps now would be: - Each user in the LDAP database also gets a Kerberos keytab (which can be different from their login password). - SSSD now has to do the following steps: - When the user types in their password in the login manager, PAM in connection with sssd use this to bind to the LDAP server (so sssd uses LDAP as id_provider and LDAP as auth_provider). - After the successful authentication, sssd gets the Kerberos key from the Kerberos database and uses that key to securely mount the NFSv4 home directory on the PC (the target folder is also specific as part of the user attributes, but where can sssd find the folder on the host?). Is that possible? I also read that Kerberos in connection with NFSv4 can be used to authenticate the NFSv4 server, the NFSv4 client _and_ the specific user. Can that happen all simultaneously, so in one mount command? I only find the `sec=krb5x` mount options where the NFSv4 client and the NFSv4 server authenticates to the Kerberos server but without using anything from the user. Best, Gerion

2 months, 3 weeks

2
1
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

sssd-users September 2023