Thank you for the explanation. I understand.
On 2024/04/29 22:45, Sumit Bose sbose@redhat.com wrote:
On Mon, Apr 29, 2024 at 09:12:08PM +0900, koson823@me.com wrote:
Hi,
Thank you for your quick response. Yes, that was the reason. In this regard, allow me to add the following question.
Is there any way to remove objectClass from the filter, such as to be (uid=hogehoge) but not (&(uid=hogehoge)(objectclass=inetOrgPerson)) as in the failure case?
Even though I tried to remove the objectclass filter in sssd.conf, I couldn’t. Removing the “ldap_user_object_class” statement in [domain/local] automatically gives the following: (&(uid=hogehoge)(objectclass=posixAccount)) (as mentioned before, posixAccount is not used in the LDAP database). Or is the declaration of objectclass mandatory in the filter? I would greatly appreciate any assistance.
Hi,
SSSD will always use an objectclass in the filter to make sure that only the expected type of objects are returned.
HTH
bye, Sumit
On 2024/04/29 19:55, Sumit Bose sbose@redhat.com wrote:
Hi,
my first guess would be that the `uid=search_id` object does not have the permissions to read the `objectClass` attribute from other objects. Please check the ACIs on the LDAP server side for this user.
HTH
bye, Sumit
This initial search binding works fine and returns the user DN to log in, for example, uid=hogehoge,ou=staff,ou=Users,dc=example,dc=com
However, as shown below, the user (hogehoge) cannot be authenticated.

/var/log/sssd/sssd_local.log
(2024-04-28 21:57:11): [be[local]] [sdap_call_op_callback] (0x20000): [RID#2] Handling LDAP operation [3][server: [xxx.xx.xx.x:636] filter: [(&(uid=hogehoge)(objectclass=inetOrgPerson))] base: [ou=Users,dc=example,dc=com]] took [2.910] milliseconds.
(2024-04-28 21:57:11): [be[local]] [sdap_parse_entry] (0x1000): [RID#2] OriginalDN: [uid=hogehoge,ou=staff,ou=Users,dc=example,dc=com].
(2024-04-28 21:57:11): [be[local]] [sdap_parse_entry] (0x0020): [RID#2] Unknown entry type, no objectClasses found!

/var/log/secure
Apr 28 21:57:11 server sssctl[1635756]: pam_sss(system-auth:auth): authentication failure; logname=dummy uid=0 euid=0 tty= ruser= rhost= user=hogehoge
Apr 28 21:57:11 server sssctl[1635756]: pam_sss(system-auth:auth): received for user hogehoge: 4 (System error)
-- _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
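Added example (not part of the original thread, and not SSSD code): a small Python script that scans an SSSD domain log for the symptom shown above, correlating each `no objectClasses found` error with the filter and `OriginalDN` logged for the same request ID. The first three sample lines are the ones quoted in the thread; the `fuga` request and all function and variable names are constructed for illustration.

```python
import re

# Sample input: the RID#2 lines come from the thread, the RID#3 lines are constructed.
SAMPLE_LOG = """\
(2024-04-28 21:57:11): [be[local]] [sdap_call_op_callback] (0x20000): [RID#2] Handling LDAP operation [3][server: [xxx.xx.xx.x:636] filter: [(&(uid=hogehoge)(objectclass=inetOrgPerson))] base: [ou=Users,dc=example,dc=com]] took [2.910] milliseconds.
(2024-04-28 21:57:11): [be[local]] [sdap_parse_entry] (0x1000): [RID#2] OriginalDN: [uid=hogehoge,ou=staff,ou=Users,dc=example,dc=com].
(2024-04-28 21:57:11): [be[local]] [sdap_parse_entry] (0x0020): [RID#2] Unknown entry type, no objectClasses found!
(2024-04-28 21:58:02): [be[local]] [sdap_call_op_callback] (0x20000): [RID#3] Handling LDAP operation [4][server: [xxx.xx.xx.x:636] filter: [(&(uid=fuga)(objectclass=inetOrgPerson))] base: [ou=Users,dc=example,dc=com]] took [1.800] milliseconds.
(2024-04-28 21:58:02): [be[local]] [sdap_parse_entry] (0x1000): [RID#3] OriginalDN: [uid=fuga,ou=staff,ou=Users,dc=example,dc=com].
"""

RID_RE = re.compile(r"\[RID#(\d+)\]")
FILTER_RE = re.compile(r"filter: \[([^\]]*)\]")
DN_RE = re.compile(r"OriginalDN: \[([^\]]*)\]")
SYMPTOM = "no objectClasses found"


def find_unreadable_objectclass(log_text):
    """Return one finding per request whose entry came back without objectClass.

    An entry that matched an objectclass filter but was returned without any
    objectClass values is the case the thread attributes to the bind user
    lacking read permission on that attribute (check the server-side ACIs).
    """
    requests = {}   # request ID -> last filter and DN seen for that request
    findings = []
    for line in log_text.splitlines():
        rid = RID_RE.search(line)
        if not rid:
            continue
        req = requests.setdefault(rid.group(1), {"filter": None, "dn": None})
        flt = FILTER_RE.search(line)
        if flt:
            req["filter"] = flt.group(1)
        dn = DN_RE.search(line)
        if dn:
            req["dn"] = dn.group(1)
        if SYMPTOM in line:
            findings.append({"rid": rid.group(1), **req})
    return findings


if __name__ == "__main__":
    for f in find_unreadable_objectclass(SAMPLE_LOG):
        print(f"RID#{f['rid']}: {f['dn']} matched {f['filter']} "
              "but objectClass was not readable; check ACIs for the bind DN")
```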