Unfortunately the logs aren't helpful. It seems that sssd one time went offline but
it's not at all in the same time-frame as when I ran my tests. I also tried to put the
full debug log (0xFFF0).
The thing is that I don't need to enable all those mapping mechanisms because I
don't rely on the AD groups; I use FreeIPA to set group membership. So I tried to
deactivate this using the following options, as suggested by lslebodn:
ldap_group_nesting_level = 0
ignore_group_members = True
ldap_use_tokengroups = False
But the mapping still occurs, as does the timeout. It seems that those options are not
working.
Here's my sssd config file.
[domain/mydomain1.com]
debug_level = 0x07f0
#debug_level = 0xFFF0
ldap_group_nesting_level = 0
ignore_group_members = True
ldap_use_tokengroups = False
#ldap_initgroups_use_matching_rule_in_chain = True
ldap_id_mapping = False
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = mydomain1.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = kdc.mydomain1.com
chpass_provider = ipa
ipa_server = kdc.mydomain1.com
ipa_server_mode = True
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2
domains = mydomain1.com
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
Thanks for your help!
Romain
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: Monday 2 March 2015 13:50
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] FreeIPA/SSSD LDAP cross-forest trust slow queries
On Mon, Mar 02, 2015 at 12:45:19PM +0000, Aviolat Romain wrote:
I couldn't see a reason either... I'm 100% sure that the infra
(AD servers and network) is always UP. Tell me if I can dig a bit further into some log
files.
Thanks again for your help.
Romain
Can you search the logs for a message saying "Going offline"? IIRC that would
show the spot where SSSD switched from online to offline mode; the log messages above
that would (hopefully) show the reason.