No, it didn't. I'm getting the same issue with or without enabling referrals. The only way to keep the sssd daemon up has been, so far, to disable enumeration (enumerate = false) in the domain config.

 

---

Christian Tardif
christian.tardif@servinfo.ca

 


 

On 2015-01-15 03:41, Lukas Slebodnik wrote:

On (13/01/15 08:58), Lukas Slebodnik wrote:
On (13/01/15 03:43), Christian Tardif wrote:
OK, now I can log in. I was using the pam_listfile.so module, but the group required to allow login did not have the required POSIX gid to be available on the Linux box. Now it has. So my main problem is the inability to use enumerate=true. Not necessarily a big deal, but maybe worth verifying why, though.
I looked at the log file one more time and I found that the crash happened just with enumerating services. It might be caused by the fact that a different LDAP connection tried to be used for services.

[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://orion.int.servinfo.test:389/??base] with fd [19].
[sdap_get_rootdse_send] (0x4000): Getting rootdse
//snip
[sdap_get_services_next_base] (0x0400): Searching for services with base [dc=servinfo,dc=test]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=ipService)(cn=*)(ipServicePort=*)(ipServiceProtocol=*))
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServicePort]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServiceProtocol]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5
[sdap_process_result] (0x2000): Trace: sh[0x256a080], connected[1], ops[0x256b430], ldap[0x256a190]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://servinfo.test/CN=Configuration,DC=servinfo,DC=test] with fd [21]
//after few lines
[sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
[remove_connection_callback] (0x4000): Successfully removed connection callback.
[server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
^^^^^^^^^^^^^ process was restarted

I can see in the log file that just the 1st LDAP server should be used.

[dp_get_options] (0x0400): Option ldap_uri has value ldap://orion.int.servinfo.test/

I may be wrong, but it may be caused by LDAP referrals. You can try to disable it in sssd. Put the next line into the domain section of sssd.conf:

ldap_referrals = false
Christian,

Did it help to disable referrals?

LS
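
The log reading described in this thread can be automated. The following is an added example, not part of the original messages or of SSSD: it scans a domain log for LDAP connections to hosts that are not listed in `ldap_uri` (consistent with the referral chasing suspected above) and for a back-end restart that follows an `ldap_result error`. The function name `audit` is hypothetical, and the sample input is the trimmed log excerpt quoted in the thread.

```python
import re
from urllib.parse import urlsplit

# Trimmed log lines as quoted in the thread (timestamps were already removed there).
SAMPLE_LOG = """\
[dp_get_options] (0x0400): Option ldap_uri has value ldap://orion.int.servinfo.test/
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://orion.int.servinfo.test:389/??base] with fd [19].
[sdap_get_services_next_base] (0x0400): Searching for services with base [dc=servinfo,dc=test]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://servinfo.test/CN=Configuration,DC=servinfo,DC=test] with fd [21]
[sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
[server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
"""

URI_OPT = re.compile(r"Option ldap_uri has value (\S+)")
NEW_CONN = re.compile(r"New LDAP connection to \[(\S+?)\] with fd \[(\d+)\]")
LDAP_ERR = re.compile(r"ldap_result error: \[(.+?)\]")
RESTART = re.compile(r"\[server_setup\].*CONFDB:")  # first line logged by a fresh back end

def audit(log_text):
    """Return (configured_hosts, unexpected_connections, restarts_after_error)."""
    configured, unexpected, restarts = set(), [], []
    pending_error = None
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if m := URI_OPT.search(line):
            # ldap_uri may hold a comma-separated list of servers
            for uri in m.group(1).split(","):
                host = urlsplit(uri.strip()).hostname
                if host:
                    configured.add(host)
        elif m := NEW_CONN.search(line):
            host = urlsplit(m.group(1)).hostname
            # A connection to a host outside ldap_uri was not requested by the config
            if configured and host not in configured:
                unexpected.append((lineno, host, int(m.group(2))))
        elif m := LDAP_ERR.search(line):
            pending_error = (lineno, m.group(1))
        elif RESTART.search(line) and pending_error:
            # Back end re-initialised after an LDAP error: treat as a crash/restart
            restarts.append((lineno, pending_error[1]))
            pending_error = None
    return configured, unexpected, restarts

if __name__ == "__main__":
    hosts, odd, restarts = audit(SAMPLE_LOG)
    print("configured:", sorted(hosts))
    print("unexpected connections (line, host, fd):", odd)
    print("restarts after error (line, error):", restarts)
```

Real log files list the `ldap_uri` option at back-end start-up, so feed the function a log that begins at or before that line; connections seen before the option is read are not checked.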