Hi, On Wed, Sep 11, 2024 at 1:45 PM Daniel Paetzold via FreeIPA-users < [email protected]> wrote:
> I have setup FreeIPA to use a domain like clients.ipa.example.com > > When starting SSSD now, it tries to find th ipaDomainResolutionOrder in > > [(&(cn=ipaConfig)(objectClass=ipaGuiConfig))][cn=etc,dc=clients,dc=ipa,dc=example,dc=com] > at this DN, my LDAP Instance has no informations (no result). > > So SSSD is refusing to work with: > [sdap_get_generic_ext_step] (0x0400): [RID#1] calling ldap_search_ext with > [(&(cn=ipaConfig)(objectClass=ipaGuiConfig))][cn=etc,dc=clients,dc=ipa,dc=example,dc=com]. > [sdap_get_generic_ext_step] (0x1000): [RID#1] Requesting attrs: > [ipaDomainResolutionOrder] > [ipa_domain_resolution_order_done] (0x0040): [RID#1] Failed to get the > domains' resolution order configuration from the server [22]: Wrong Argument > > I can sucessfully query the LDAP- Tree at > [(&(cn=ipaConfig)(objectClass=ipaGuiConfig))][cn=etc,dc=penta-energy,dc=de] > at the server > > neither > cn=etc,dc=ipa,dc=penta-energy,dc=de > nor > cn=etc,dc=clients,dc=ipa,dc=example,dc=com > is working. > > i setup freeipa-install with domain=clients.ipa.example.com > > what have i done wrong? > Should LDAP deliver dc=clients,dc=ipa,dc=example,dc=com or is > cn=etc,dc=penta-energy,dc=de > right and SSSD is doing it wrong? > If the server was installed with *ipa-server-install --domain clients.ipa.example.com <http://clients.ipa.example.com>*, then the LDAP server will create the entries below dc=clients,dc=ipa,dc=example,dc=com. How exactly did you setup the server? Any idea how the tree below cn=etc,dc=penta-energy,dc=de was created? flo > > Regard, Daniel > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
