On 06/25/2015 02:10 PM, Sumit Bose wrote:
> On Thu, Jun 25, 2015 at 01:06:22PM +0200, Giorgio Biacchi wrote:
>> On 06/25/2015 12:56 PM, Sumit Bose wrote:
>>> On Thu, Jun 25, 2015 at 12:22:16PM +0200, Giorgio Biacchi wrote:
>>>> On 06/24/2015 06:45 PM, Sumit Bose wrote:
>>>>> On Wed, Jun 24, 2015 at 05:11:07PM +0200, Giorgio Biacchi wrote:
>>>>>> Hi everybody,
>>>>>> I established a bidirectional trust between an IPA server (version 4.1.0 
>>>>>> on
>>>>>> CentOS 7.1), ipa.mydomain.local and an AD (Windows 2012 r2), 
>>>>>> mydomain.local.
>>>>>> Everything is working fine, and I'm able to authenticate and logon on a 
>>>>>> linux
>>>>>> host joined to IPA server using AD credentials (username@mydomain.local).
>>>>>> But active directory is configured with two more UPN suffixes 
>>>>>> (otherdomain.com
>>>>>> and sub.otherdomain.com), and I cannot logon with credentials using 
>>>>>> alternative
>>>>>> UPN (example: john....@otherdomain.com).
>>>>>>
>>>>>> How can I make this possible? Another trust (ipa trust-add) with the 
>>>>>> same AD?
>>>>>> Manual configuration of krb5 and/or sssd?
>>>>>
>>>>> Have you tried to login to an IPA client or the server? Please try with
>>>>> an IPA server first. If this does not work it would be nice if you can
>>>>> send the SSSD log files from the IPA server which are generated during
>>>>> the logon attempt. Please call 'sss_cache -E' before to invalidate all
>>>>> cached entries so that the logs will contain all needed calls to AD.
>>>>>
>>>>> Using UPN suffixes were added to the AD provider some time ago and the
>>>>> code is available in the IPA provider as well, but I guess no one has
>>>>> actually tried this before.
>>>>>
>>>>> bye,
>>>>> Sumit
>>>>
>>>> First of all let me say that i feel like I'm missing some config 
>>>> somewhere..
>>>> Changes tried in krb5.conf to support UPN suffixes didn't helped.
>>>> I can only access the server vi ssh so I've attached the logs for a 
>>>> successful
>>>> login for account1@mydomain.local and an unsuccessful login for
>>>> accou...@otherdomain.com done via ssh.
>>>>
>>>> Bye and thanks for your help
>>>>
>>>
>>> It looks like the request is not properly propagated to sub-domains (the
>>> trusted AD domain) but only send to the IPA domain.
>>>
>>> Would it be possible for you to run a test build of SSSD which might fix
>>> this? If yes, which version of SSSD are you currently using? Then I can
>>> prepare a test build with the patch on top of this version.
>>>
>>> bye,
>>> Sumit
>>>
>>
>> Hi,
>> I'm using sssd 1.12.2 (sssd --version) on CentOS 7.1.1503 and I'm available 
>> for
>> any test.
>>
>> Here's the packages version for sssd:
>>
>> sssd-common-1.12.2-58.el7_1.6.x86_64
>> sssd-krb5-1.12.2-58.el7_1.6.x86_64
>> python-sssdconfig-1.12.2-58.el7_1.6.noarch
>> sssd-krb5-common-1.12.2-58.el7_1.6.x86_64
>> sssd-ipa-1.12.2-58.el7_1.6.x86_64
>> sssd-1.12.2-58.el7_1.6.x86_64
>> sssd-libwbclient-1.12.2-58.el7_1.6.x86_64
>> sssd-ad-1.12.2-58.el7_1.6.x86_64
>> sssd-ldap-1.12.2-58.el7_1.6.x86_64
>> sssd-common-pac-1.12.2-58.el7_1.6.x86_64
>> sssd-proxy-1.12.2-58.el7_1.6.x86_64
>> sssd-client-1.12.2-58.el7_1.6.x86_64
> 
> Please try the packages at
> http://koji.fedoraproject.org/koji/taskinfo?taskID=10210844 .
> 
> bye,
> Sumit

Hi,
I've installed the new RPMs, now if I run on the server:

id account1@mydomain.local
id accou...@otherdomain.com
id accou...@sub.otherdomain.com

all the users are found but I'm still unable to log in via ssh with the accounts
@otherdomain.com and @sub.otherdomain.com.

In attachment the logs for unsuccessful login for user accou...@otherdomain.com.

Bye
-- 
gb

PGP Key: http://pgp.mit.edu/
Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
(Thu Jun 25 16:18:54 2015) [sssd[nss]] [nss_clear_memcache] (0x0400): Clearing 
memory caches.
(Thu Jun 25 16:18:54 2015) [sssd[nss]] [nss_orphan_netgroups] (0x0400): 
Removing netgroups from memory cache.
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [accept_fd_handler] (0x0400): Client 
connected!
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received 
client version [1].
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered 
version [1].
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running 
command [17] with input [accou...@otherdomain.com].
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): 
Sending get domains request for [ipa.mydomain.local][otherdomain.com]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): 
Entering request [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): 
Requesting info for [accou...@otherdomain.com@ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sysdb_search_user_by_upn] (0x0400): No 
entry with upn [accou...@otherdomain.com] found.
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x7fd3aa075e40:1:accou...@otherdomain.com:U@ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): 
Creating request for 
[ipa.mydomain.local][4097][1][name=accou...@otherdomain.com:U]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): 
Entering request 
[0x7fd3aa075e40:1:accou...@otherdomain.com:U@ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): 
Deleting request: [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): 
Unable to get information from Data Provider
Error: 3, 0, Account info lookup failed
Will try to return what we have in cache
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): 
Requesting info for [accou...@otherdomain.com@ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sysdb_search_user_by_upn] (0x0400): No 
entry with upn [accou...@otherdomain.com] found.
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding 
[NCE/USER/ipa.mydomain.local/accou...@otherdomain.com] to negative cache
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): 
Requesting info for [accou...@otherdomain.com@mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x7fd3aa075e40:1:accou...@otherdomain.com:U@mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): 
Creating request for [mydomain.local][4097][1][name=accou...@otherdomain.com:U]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): 
Entering request [0x7fd3aa075e40:1:accou...@otherdomain.com:U@mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): 
Deleting request: 
[0x7fd3aa075e40:1:accou...@otherdomain.com:U@ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): 
Requesting info for [accou...@otherdomain.com@mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): 
Returning info for user [accou...@otherdomain.com@mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): 
Deleting request: [0x7fd3aa075e40:1:accou...@otherdomain.com:U@mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running 
command [38] with input [nobody].
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): 
name 'nobody' matched without domain, user is nobody
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting 
info for [nobody] from [<ALL>]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_initgroups_search] (0x0100): 
Requesting info for [nobody@ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x7fd3aa075e40:3:nobody@ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): 
Creating request for [ipa.mydomain.local][4099][1][name=nobody]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): 
Entering request [0x7fd3aa075e40:3:nobody@ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): 
Unable to get information from Data Provider
Error: 3, 0, Account info lookup failed
Will try to return what we have in cache
(Thu Jun 25 16:18:58 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): 
Deleting request: [0x7fd3aa075e40:3:nobody@ipa.mydomain.local]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running 
command [17] with input [accou...@otherdomain.com].
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): 
Sending get domains request for [ipa.mydomain.local][otherdomain.com]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): 
Entering request [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User 
[accou...@otherdomain.com] does not exist in [ipa.mydomain.local]! (negative 
cache)
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No 
matching domain found for [accou...@otherdomain.com], fail!
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): 
Deleting request: [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running 
command [17] with input [accou...@otherdomain.com].
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): 
Sending get domains request for [ipa.mydomain.local][otherdomain.com]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): 
Entering request [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User 
[accou...@otherdomain.com] does not exist in [ipa.mydomain.local]! (negative 
cache)
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No 
matching domain found for [accou...@otherdomain.com], fail!
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): 
Deleting request: [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running 
command [17] with input [accou...@otherdomain.com].
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing 
request for [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_get_domains_msg] (0x0400): 
Sending get domains request for [ipa.mydomain.local][otherdomain.com]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): 
Entering request [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User 
[accou...@otherdomain.com] does not exist in [ipa.mydomain.local]! (negative 
cache)
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No 
matching domain found for [accou...@otherdomain.com], fail!
(Thu Jun 25 16:19:02 2015) [sssd[nss]] [sss_dp_req_destructor] (0x0400): 
Deleting request: [0x7fd3aa0776b0:domains@ipa.mydomain.local]
(Thu Jun 25 16:19:05 2015) [sssd[nss]] [client_recv] (0x0200): Client 
disconnected!
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[be_run_unconditional_online_cb] (0x0400): Running unconditional online 
callbacks.
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] 
(0x0400): Got get subdomains [otherdomain.com]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[objectclass=ipaIDRange][cn=ranges,cn=etc,dc=ipa,dc=mydomain,dc=local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
set
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[objectclass=ipaNTTrustedDomain][cn=trusts,dc=ipa,dc=mydomain,dc=local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
set
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[ipa_subdom_get_forest] (0x0400): 4th component is not 'trust', nothing to do.
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=ipa,dc=mydomain,dc=local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
set
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] 
(0x0200): Got request for [0x1001][1][name=accou...@otherdomain.com:U]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] 
(0x0400): Changing request domain from [ipa.mydomain.local] to 
[ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_search_user_next_base] (0x0400): Searching for users with base 
[cn=accounts,dc=ipa,dc=mydomain,dc=local]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[(&(krbPrincipalName=accou...@otherdomain.com)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=ipa,dc=mydomain,dc=local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
set
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_search_user_process] (0x0400): Search for users, returned 0 results.
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_get_users_done] 
(0x0040): Failed to retrieve users
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sysdb_search_by_name] (0x0400): No such entry
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_delete_user] 
(0x0400): Error: 2 (No such file or directory)
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sysdb_search_by_name] (0x0400): No such entry
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] 
(0x0100): Request processed. Returned 3,0,Account info lookup failed
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] 
(0x0200): Got request for [0x1001][1][name=accou...@otherdomain.com:U]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] 
(0x0400): Changing request domain from [ipa.mydomain.local] to [mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[(&(objectClass=ipaUserOverride)(uid=accou...@otherdomain.com))][cn=Default 
Trust View,cn=views,cn=accounts,dc=ipa,dc=mydomain,dc=local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
set
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_search_user_next_base] (0x0400): Searching for users with base 
[dc=mydomain,dc=local]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[(&(userPrincipalName=accou...@otherdomain.com)(objectclass=user)(sAMAccountName=*)(objectSID=*))][dc=mydomain,dc=local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
set
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_search_user_process] (0x0400): Search for users, returned 1 results.
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] 
(0x0400): Save user
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_primary_name] (0x0400): Processing object account2@mydomain.local
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] 
(0x0400): Processing user account2@mydomain.local
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] 
(0x0400): Original memberOf is not available for [account2@mydomain.local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] 
(0x0400): Adding user principal [accou...@otherdomain.com] to attributes of 
[account2@mydomain.local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] 
(0x0400): Storing info for user account2@mydomain.local
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sysdb_search_by_name] (0x0400): No such entry
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[ipa_get_ad_acct_ad_part_done] (0x0080): Object not found, ending request
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] 
(0x0100): Request processed. Returned 0,0,Success
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] 
(0x0200): Got request for [0x1003][1][name=nobody]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] 
(0x0400): Changing request domain from [ipa.mydomain.local] to 
[ipa.mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_initgr_next_base] (0x0400): Searching for users with base 
[cn=accounts,dc=ipa,dc=mydomain,dc=local]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[(&(uid=nobody)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=ipa,dc=mydomain,dc=local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
set
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sysdb_search_by_name] (0x0400): No such entry
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sysdb_delete_user] 
(0x0400): Error: 2 (No such file or directory)
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sysdb_search_by_name] (0x0400): No such entry
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] 
(0x0100): Request processed. Returned 3,0,Account info lookup failed
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_get_account_info] 
(0x0200): Got request for [0x1][1][name=account2]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [be_req_set_domain] 
(0x0400): Changing request domain from [ipa.mydomain.local] to [mydomain.local]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[(&(objectClass=ipaUserOverride)(uid=account2))][cn=Default Trust 
View,cn=views,cn=accounts,dc=ipa,dc=mydomain,dc=local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
set
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_search_user_next_base] (0x0400): Searching for users with base 
[dc=mydomain,dc=local]
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[(&(sAMAccountName=account2)(objectclass=user)(sAMAccountName=*)(objectSID=*))][dc=mydomain,dc=local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
set
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_search_user_process] (0x0400): Search for users, returned 1 results.
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] 
(0x0400): Save user
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_primary_name] (0x0400): Processing object account2@mydomain.local
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] 
(0x0400): Processing user account2@mydomain.local
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] 
(0x0400): Original memberOf is not available for [account2@mydomain.local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] 
(0x0400): Adding user principal [accou...@otherdomain.com] to attributes of 
[account2@mydomain.local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [sdap_save_user] 
(0x0400): Storing info for user account2@mydomain.local
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-1710311407-3537505305-1030735119-11202))][cn=Default
 Trust View,cn=views,cn=accounts,dc=ipa,dc=mydomain,dc=local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
set
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[objectClass=ipaexternalgroup][dc=ipa,dc=mydomain,dc=local].
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
set
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[ipa_get_ext_groups_done] (0x0400): [0] external groups found.
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] 
[find_ipa_ext_memberships] (0x0400): No external groupmemberships found.
(Thu Jun 25 16:18:58 2015) [sssd[be[ipa.mydomain.local]]] [acctinfo_callback] 
(0x0100): Request processed. Returned 0,0,Success
(Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] 
(0x0400): Got get subdomains [otherdomain.com]
(Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] 
[get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success]
(Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] 
(0x0400): Got get subdomains [otherdomain.com]
(Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] 
[get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success]
(Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] [be_get_subdomains] 
(0x0400): Got get subdomains [otherdomain.com]
(Thu Jun 25 16:19:02 2015) [sssd[be[ipa.mydomain.local]]] 
[get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>) [Success]
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to