Hi, we have done some additional testing and debugging.
It seems there some problems with the extdom-extop plugin in the directory server. If we set ignore_group_members, the first request get a good response. (tested by: server: sssctl cache-remove -p -s -o ; sleep 1; stop-dirsrv ; sleep 1; start-dirsrv / client: sssctl cache-remove -p -s -o ; sleep 1; sssctl user-checks user@ad.domain) However, starting with the second requests the extdom-extop returns every request with an err=32 Object Not Found. We already tried to increase ipaextdommaxnssbufsize and ipaextdommaxnsstimeout. (we increased error log level on dirsrv to be sure that the values are used: Maximal nss buffer size set to [268435456]! / Maximal nss timeout (in ms) set to [100000]!) Someone some ideas where to look from here? Best Regards, Axel _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/CYG62RAY7MH2THELPW3B4B3JVVFPMAC4/
