Hello IPA gurus, I have a legacy client (Solaris) that I want to migrate to a IPA (RHEL IPA 4.6.5). Currently, it's being served by an ODSEE server for ldap.
So first I want to test if I can connect with a user in IPA, then I'll try with an external (AD client). But I have the following issue: User I try to login with: seb # Legacy (Solaris) Client: Jan 14 15:46:34 vs4b7 sshd[45644]: [ID 293258 auth.warning] libsldap: Status: 7 Mesg: Too many entries are returned for seb So it seems that I have several users in the compat tree with uid=seb... # IPA server serving Legacy client: [root@el6982 sssd]# ldapsearch -Y GSSAPI -b 'cn=users,cn=compat,dc=dev,dc=ipa,dc=bc' '(&(objectClass=posixaccount)(uid=seb))' # seb, users, compat, dev.ipa.bc dn: uid=seb,cn=users,cn=compat,dc=dev,dc=ipa,dc=bc objectClass: posixAccount objectClass: top gecos:: U8OpYmFzdGllbiBUb3VsbW9uZGUgKGxvY2FsIElQQSk= cn:: U8OpYmFzdGllbiBUb3VsbW9uZGUgKGxvY2FsIElQQSk= uidNumber: 1856200001 gidNumber: 1856200001 loginShell: /bin/bash homeDirectory: /home/seb uid: s...@dev.ipa.bc uid: seb # seb, users, compat, dev.ipa.bc dn: uid=seb,cn=users,cn=compat,dc=dev,dc=ipa,dc=bc objectClass: posixAccount objectClass: ipaOverrideTarget objectClass: top gecos:: U8OpYmFzdGllbiBUb3VsbW9uZGU= cn:: U8OpYmFzdGllbiBUb3VsbW9uZGU= uidNumber: 1856200001 gidNumber: 1856200001 loginShell: /bin/bash homeDirectory: /home/seb ipaAnchorUUID:: OklQQTpkZXYuaXBhLmJjOmRmMmQyNjdjLWFjN2MtMTFlOS1iYTMyLTAwNTA1NjllMjc5OQ== uid: seb # search result search: 4 result: 0 Success # numResponses: 3 # numEntries: 2 # LDAP config for legacy client: (vs4b7:/var/adm)# ldapclient list NS_LDAP_FILE_VERSION= 2.0 NS_LDAP_BINDDN= uid=solaris10,cn=sysaccounts,cn=etc,dc=dev,dc=ipa,dc=bc NS_LDAP_BINDPASSWD= {NS1}c537f4abc1a7c4e477a5ca0ca15c7bdc7a83d9 NS_LDAP_SERVERS= el6982.dev.ipa.bc NS_LDAP_SEARCH_BASEDN= dc=dev,dc=ipa,dc=bc NS_LDAP_AUTH= simple NS_LDAP_SEARCH_REF= TRUE NS_LDAP_SEARCH_SCOPE= sub NS_LDAP_SEARCH_TIME= 15 NS_LDAP_CACHETTL= 0 NS_LDAP_PROFILE= solaris10 NS_LDAP_CREDENTIAL_LEVEL= proxy NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=compat,dc=dev,dc=ipa,dc=bc NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=dev,dc=ipa,dc=bc NS_LDAP_BIND_TIME= 5 NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount I wonder why do I have two entries in the compat tree? One if objectClass: ipaOverrideTarget and the other isn't... I restarted sssd and IPA to clear the compat tree, but it pops back up again. Any idea? Thanks! _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org