I've cleared the cache /var/lib/sss/db/* and /var/lib/sss/mc/* and tried starting sssd but get the same error. Surprisingly I don't have any issues with 1.9.6 or 1.11.6! Wondering if there is any other idmap parameter that I have to set to get it working on 1.11.7.
Best Regards, Prajwal Kumar +91-9886213418
On Thu, Oct 16, 2014 at 2:31 AM, Lukas Slebodnik lslebodn@redhat.com wrote:
On (15/10/14 22:39), Prajwal Kumar wrote:
Hi Sumit,
When I set ldap_idmap_range_size = 4000000, SSSD fails to start:
(Wed Oct 15 12:29:52 2014) [sssd[be[dbg]]] [sdap_idmap_init] (0x0100): Initializing [6] domains for ID-mapping (Wed Oct 15 12:29:52 2014) [sssd[be[dbg]]] [sdap_idmap_add_domain] (0x1000): Adding domain [S-1-5-21-1606980848-1965331169-1417001333] as slice [2392]
^^^^
This number should not be higher than 500.
Explanation: the default value of ldap_idmap_range_min is 200.000 the default value of ldap_idmap_range_max is 2.000.200.000 difference is 2.000.000.000
You modified ldap_idmap_range_size to value 4.000.000 * this option specifies the number of IDs available for each slice
We have space for 2.000.000.000 IDs and each slice can contain 4.000.000 IDs. So ther is space for 500 slices. The log file shows that sssd tried to store SID into slice with numer 2392.
man sssd-ldap says (section ID MAPPING) Please note that changing the ID mapping related configuration options will cause user and group IDs to change. At the moment, SSSD does not support changing IDs, so the SSSD database must be removed.
Please try to remove sssd cache (rm -f /var/lib/sss/db/*) I hope problem will be fixed after starting sssd with clean cache.
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On (16/10/14 10:02), Prajwal Kumar wrote:
I've cleared the cache /var/lib/sss/db/* and /var/lib/sss/mc/* and tried starting sssd but get the same error. Surprisingly I don't have any issues with 1.9.6 or 1.11.6! Wondering if there is any other idmap parameter that I have to set to get it working on 1.11.7.
Could you: * put "debug_level = 9" into domain section * stop sssd * clean cache * start sssd (1.11.7) and then send your sssd.conf and log files? You can send them privately.
LS
I got this working after I set ad_hostname in sssd.conf v1.11.7.
But unfortunately the original issue https://fedorahosted.org/sssd/ticket/2448 for which I upgraded to 1.11.7 still exists. Any pointers?
Best Regards, Prajwal Kumar +91-9886213418
On Thu, Oct 16, 2014 at 2:38 PM, Lukas Slebodnik lslebodn@redhat.com wrote:
On (16/10/14 10:02), Prajwal Kumar wrote:
I've cleared the cache /var/lib/sss/db/* and /var/lib/sss/mc/* and tried starting sssd but get the same error. Surprisingly I don't have any issues with 1.9.6 or 1.11.6! Wondering if there is any other idmap parameter that I have to set to get it working on 1.11.7.
Could you: * put "debug_level = 9" into domain section * stop sssd * clean cache * start sssd (1.11.7) and then send your sssd.conf and log files? You can send them privately.
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On (17/10/14 00:25), Prajwal Kumar wrote:
I got this working after I set ad_hostname in sssd.conf v1.11.7.
I'm glad you were able to solve this issue.
But unfortunately the original issue https://fedorahosted.org/sssd/ticket/2448 for which I upgraded to 1.11.7 still exists. Any pointers?
The log file with "debug_level = 9" will be good start. You can send sanitized log files them privately if they contain confidential data.
LS
sssd-users@lists.fedorahosted.org