Your message dated Mon, 17 Sep 2012 08:01:24 +0200
with message-id <[email protected]>
and subject line Fixed by openldap-2.4.31-1
has caused the Debian Bug report #667980,
regarding sssd: LDAP provider fails with "ldap_result gave -1, something bad
happend!"
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
667980: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667980
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sssd
Version: 1.8.1-1
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Maintainer,
Using the LDAP id provider does not work. Running sssd in with debug output
shows this:
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [fo_resolve_service_send]
(0x0100): Trying to resolve service 'LDAP'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of
'root.fladi.at' in files
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [set_server_common_status]
(0x0100): Marking server 'root.fladi.at' as 'resolving name'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of
'root.fladi.at' in files
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [resolv_gethostbyname_next]
(0x0200): No more address families to retry
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]]
[resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of
'root.fladi.at' in DNS
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [request_watch_destructor]
(0x0400): Deleting request watch
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [set_server_common_status]
(0x0100): Marking server 'root.fladi.at' as 'name resolved'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [be_resolve_server_done]
(0x0200): Found address for server root.fladi.at: [176.9.16.100] TTL 48714
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_uri_callback] (0x0400):
Constructed uri 'ldap://root.fladi.at'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sss_ldap_init_send] (0x0400):
Setting 6 seconds timeout for connecting
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_get_generic_ext_step]
(0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_process_result] (0x0100):
ldap_result gave -1, something bad happend!
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_get_generic_done]
(0x0100): sdap_get_generic_ext_recv failed [5]: Input/output error
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [fo_set_port_status] (0x0100):
Marking port 389 of server 'root.fladi.at' as 'not working'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [fo_resolve_service_send]
(0x0100): Trying to resolve service 'LDAP'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [fo_resolve_service_send]
(0x0020): No available servers for service 'LDAP'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_id_op_connect_done]
(0x0020): Failed to connect, going offline (5 [Input/output error])
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [be_run_offline_cb] (0x0080):
Going offline. Running callbacks.
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [ldap_id_enumerate_set_timer]
(0x0400): Scheduling next enumeration at 1333828607.270551
Using wireshark I can only see a LDAP search operation for the RootDSE, which
seems to be the operation resulting in "ldap_result gave -1".
No other LDAP operation is commited after this.
My domain is configured like this:
[domain/FLADI.AT]
auth_provider = krb5
krb5_server = home.fladi.at
krb5_realm = FLADI.AT
id_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://root.fladi.at
ldap_search_base = dc=fladi,dc=at
ldap_user_search_base = ou=users,dc=fladi,dc=at
ldap_group_search_base = ou=groups,dc=fladi,dc=at
ldap_tls_reqcert = never
ldap_tls_cacert = /etc/ssl/certs/cacert.org.pem
cache_credentials = true
enumerate = true
min_id = 1000
max_id = 0
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages sssd depends on:
ii libc-ares2 1.7.5-1
ii libc6 2.13-27
ii libcollection2 0.1.3-1
ii libcomerr2 1.42.2-1
ii libdbus-1-3 1.5.12-1
ii libdhash1 0.1.3-1
ii libini-config2 0.1.3-1
ii libipa-hbac0 1.8.1-1
ii libk5crypto3 1.10+dfsg~beta1-2
ii libkrb5-3 1.10+dfsg~beta1-2
ii libldap-2.4-2 2.4.28-1.2
ii libldb1 1:1.1.4+git20120206-1
ii libnspr4-0d 4.9-1
ii libnss3-1d 3.13.3-1
ii libpam0g 1.1.3-7
ii libpcre3 1:8.30-4
ii libpopt0 1.16-3
ii libsasl2-modules-gssapi-mit 2.1.25.dfsg1-4
ii libtalloc2 2.0.7+git20120207-1
ii libtdb1 1.2.9+git20120207-2
ii libtevent0 0.9.15-2
ii libunistring0 0.9.3-5
ii multiarch-support 2.13-27
ii python 2.7.2-10
ii python-sss 1.8.1-1
Versions of packages sssd recommends:
pn bind9-host 1:9.8.1.dfsg.P1-3
pn ldap-utils 2.4.28-1.2
pn libnss-sss 1.8.1-1
pn libpam-sss 1.8.1-1
pn libsasl2-modules-ldap <none>
Versions of packages sssd suggests:
pn sssd-tools <none>
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk+AnjcACgkQeJ3z1zFMUGYO4gCfRdclnkivA/FP1AV7jLxVc3mr
qFUAn09elsY93zrX7cdhf10UReOB1Ggd
=9U7/
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Fixed by openldap-2.4.31-1.
- --
Michael Fladischer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAlBWvLIACgkQeJ3z1zFMUGbNKgCfdMftOJEfN4nVE2I8C+0bbK/v
ZH4AnjzDJG2w76PnVFF/vbHpuxSyb6jZ
=wK2w
-----END PGP SIGNATURE-----
--- End Message ---
