On Mon, Aug 11, 2014 at 09:03:17AM +0200, Jakub Hrozek wrote:
> On Sat, Aug 09, 2014 at 07:44:58AM +0800, XuQing Tan wrote:
> > Hi Jackub
> >
> > attached is the sssd domain log, in the log i only saw the short group name
> > "test-group"
> > the command "id nick" output:
> > uid=15001(nick) gid=20000(my-testing-group-at-world-wide-space)
> > groups=20000(my-testing-group-at-world-wide-space)
> > thanks
>
> Thanks for the logs, they seem about right to me:
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_initgr_rfc2307_next_base] (0x0400): Searching for groups with base [ou=Groups,o=example.com]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(memberuid=nick)(objectclass=posixGroup)(description=*)(&(gidNumber=*)(!(gidNumber=0))))][ou=Groups,o=example.com].
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [description]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 4
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x11b1a80], connected[1], ops[0x126ecc0], ldap[0x11b1f80]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_process_result] (0x2000): Trace: sh[0x11b1a80], connected[1], ops[0x126ecc0], ldap[0x11b1f80]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [gidNumber]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [description]
> (Fri Aug  8 23:39:17 2014) [sssd[be[example.com]]] [sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp]
>
> You can see that the description attribute was requested. I will run a
> local test first, perhaps we can proceed with some more debugging then.

Sorry, works for me fine here. Are you sure you don't have a group with
the same GID on the system in /etc/group or in another domain?

Can you run a more isolated test?

service sssd stop
rm -f /var/lib/sss/db/cache_*

service sssd start
getent group -s -sss $groupname_in_description

If you still don't see the groupname you'd expect, can you examine the
cache?

yum -y install ldb-tools
ldbsearch -H /var/lib/sss/db/cache_$domain.ldb objectclass=group

The last command should show the group entry exactly as stored in the
cache.

_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users