On (18/03/15 10:25), Lukas Slebodnik wrote:
On (17/03/15 13:56), Domenico Viggiani wrote:
-----Original Message-----
But it would be nice to see the full logfile as well, this would i.e. make sense if we're offline.
Attached log file (slightly sanitized, to save the innocents).
These lines look suspicious.
[sdap_ad_tokengroups_update_members] (0x1000): Updating memberships for [testuser]
[sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such attribute]
[sysdb_mod_group_member] (0x0400): Error: 14 (Bad address)
[sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from group [name=IT-Area IT,cn=groups,cn=MYDOMAIN.COM,cn=sysdb]. Skipping
[sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such attribute]
[sysdb_mod_group_member] (0x0400): Error: 14 (Bad address)
[sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from group [name=DGOP-Direzione Generale Operativa,cn=groups,cn=MYDOMAIN.COM,cn=sysdb]. Skipping
[sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such attribute]
[sysdb_mod_group_member] (0x0400): Error: 14 (Bad address)
[sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from group [name=Organigramma,cn=groups,cn=MYDOMAIN.COM,cn=sysdb]. Skipping
[sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such attribute]
[sysdb_mod_group_member] (0x0400): Error: 14 (Bad address)
[sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from group [name=IT-Infrastruttura IT,cn=groups,cn=MYDOMAIN.COM,cn=sysdb]. Skipping
We recently added to sssd some extra debug messages which could help with identification of the problem.
I can prepare a testing repo for you. I need to know which platform you want to test: RHEL/Fedora?
I got another idea which could help you. By default we use tokengroups for obtaining group membership; it is faster. But it caused some problems in your case, so you can try to disable this feature.
Try to put "ldap_use_tokengroups = false" into the domain section of sssd.conf. It is a workaround which can help; nevertheless, we want to fix your initial bug.
LS
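
A triage script for logs like the excerpt quoted above, added here as an example and not part of the original message or of SSSD. It lists, per user, the groups whose member removal was skipped during a tokengroups update, together with the LDB error logged just before. The function name, the sample log (constructed from the quoted excerpt) and the assumption that the messages appear in this order are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, in the format of the log excerpt quoted in the message.
SAMPLE_LOG = """\
[sdap_ad_tokengroups_update_members] (0x1000): Updating memberships for [testuser]
[sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such attribute]
[sysdb_mod_group_member] (0x0400): Error: 14 (Bad address)
[sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from group [name=IT-Area IT,cn=groups,cn=MYDOMAIN.COM,cn=sysdb]. Skipping
[sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such attribute]
[sysdb_mod_group_member] (0x0400): Error: 14 (Bad address)
[sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from group [name=Organigramma,cn=groups,cn=MYDOMAIN.COM,cn=sysdb]. Skipping
"""

# "[function] (0xLEVEL): message"; any timestamp/process prefix before it is ignored.
LINE = re.compile(r"\[(?P<func>\w+)\] \(0x[0-9a-fA-F]{4}\): (?P<msg>.*)")
UPDATING = re.compile(r"Updating memberships for \[[^\]]+\]")
LDB_ERR = re.compile(r"LDB returned unexpected error: \[(?P<err>[^\]]+)\]")
FAILED = re.compile(
    r"Could not remove member \[(?P<user>[^\]]+)\] from group \[name=(?P<group>[^,\]]+),"
)

def failed_member_removals(log_text):
    """Return {user: [(group, ldb_error), ...]} for removals that were skipped
    after a tokengroups membership update started (hypothetical helper)."""
    result = defaultdict(list)
    in_tokengroups = False   # set once the tokengroups update line has been seen
    last_err = None          # most recent LDB error, attached to the next failure
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        func, msg = m.group("func"), m.group("msg")
        if func == "sdap_ad_tokengroups_update_members" and UPDATING.search(msg):
            in_tokengroups, last_err = True, None
        elif func == "sysdb_error_to_errno":
            e = LDB_ERR.search(msg)
            last_err = e.group("err") if e else None
        elif func == "sysdb_update_members_ex" and in_tokengroups:
            f = FAILED.search(msg)
            if f:
                result[f.group("user")].append((f.group("group"), last_err))
                last_err = None
    return dict(result)

if __name__ == "__main__":
    for user, failures in failed_member_removals(SAMPLE_LOG).items():
        for group, err in failures:
            print(f"{user}: removal from '{group}' skipped (LDB: {err})")
```

Running it on the domain log before and after setting "ldap_use_tokengroups = false" shows whether the skipped removals go away with the workaround.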