Your message dated Tue, 22 May 2018 22:00:17 +0300 with message-id <[email protected]> and subject line Re: [Pkg-sssd-devel] Bug#899272: Acknowledgement (sssd fails to look up ONE specific group) has caused the Debian Bug report #899272, regarding sssd fails to look up ONE specific group to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 899272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899272 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: sssd Version: 1.16.1-1+b1 Severity: important Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? install and configure sssd * What exactly did you do (or not do) that was effective (or ineffective)? look up one specific group, happens to be the smallest gid in my ldap directory: first we look it up by gid, and that works root@pico:~# getent group 1000 dlakelan:*:1000: immediately after we try to look it up by name, and it fails root@pico:~# getent group dlakelan Here's an edited version of my sssd, edited for privacy [sssd] config_file_version = 2 services = nss,pam #services = nss # SSSD will not start if you do not configure any domains. # Add new domain configurations as [domain/<NAME>] sections, and # then add the list of domains (in the order you want them to be # queried) to the "domains" attribute below and uncomment it. domains = mydomain [nss] [pam] [domain/mydomain] lookup_family_order = ipv4_only id_provider = ldap auth_provider = krb5 ldap_schema=rfc2307 ldap_uri = ldap://domain0.mydomain.com, ldap://domain1.mydomain.com ldap_search_base = dc=mydomain,dc=com cache_credentials = true krb5_realm = MYDOMAIN.COM ;ldap_id_use_start_tls = true ;ldap_tls_reqcert = hard chpass_provider = krb5 krb5_store_password_if_offline = true dns_discovery_domain = mydomain.com krb5_ccname_template = /tmp/krb5cc_%U ;use_fully_qualified_names = true min_id=1000 --------------- It has the flavor of an off-by-one type bug, since every other group with higher gid number is looked up both directions just fine. It is, however, highly annoying -- System Information: Debian Release: 8.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sssd depends on: ii python3-sss 1.16.1-1+b1 ii sssd-ad 1.16.1-1+b1 ii sssd-common 1.16.1-1+b1 ii sssd-ipa 1.16.1-1+b1 ii sssd-krb5 1.16.1-1+b1 ii sssd-ldap 1.16.1-1+b1 ii sssd-proxy 1.16.1-1+b1 sssd recommends no packages. sssd suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---On 22.05.2018 21:02, Daniel Lakeland wrote: > On 05/21/2018 06:30 PM, Debian Bug Tracking System wrote: >> Thank you for filing a new Bug report with Debian. >> >> You can follow progress on this Bug here: 899272: >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899272. > > Sorry for the noise, it turns out that another group was added and that > other group had *two* dn entries in the ldap directory, one of which was > the proper name of the group and one of which was "dlakelan" probably > caused by editing an LDIF file incorrectly. Fixing the ldap directory > and rebooting the machines fixed the problem. > > please close this bug. ok, thanks for letting us know -- t
--- End Message ---
