On Fri, Nov 10, 2017 at 02:53:55PM +, Galen Johnson wrote:
> ?Hey,
>
>
> We've recently noticed that users logging in using emails are having issues
> when they use camel case but it works fine when all lower case. We haven't
> changed the configs so
>
>
> case_sensitive = preserving?
>
It's possible that whatever is causing this is in the nss module since it
appears that the lowercase address is found where mixed case is not. Previous
comment pertained to domain logs. Just browsed the nss log. Still stymied...
=G=
From: Galen Johnson
Ignore the comment about the query missing. I started fresh and see the same
query where the only difference is the case...however, where the mixed case
fails, the lowcase continues. Even at debug level 10 I'm not seeing anything
obvious as to why it moves on for the lowcase example. Up to
I've done a bit more digging and sssd handles the request differently when it's
mixed case versus all lowercase...when it's mixed case, I see this search
string in the logs
(Mon Nov 13 22:50:11:092700 2017) [sssd[be[exnet]]] [sdap_get_generic_ext_step]
(0x0400): calling ldap_search_ext with
On ma, 13 marras 2017, Charles Hedrick wrote:
While we’re on this subject, it would be useful for IPA to support
netgroup.byhost. That would give signifiant advantages with Netapp. If
that is supported, Netapp will look up the netgroups for a host every
time a mount is done. Without it, they
On ma, 13 marras 2017, Charles Hedrick wrote:
Sure. We use netgroups for /etc/exports. The most natural format for triples is
(host,,)
That’s the format Netapp documents. By default, ipa netgroup-add-member uses
(host,-,domain)
where domain seems to come from our Kerberos domain. Netapp
On ma, 13 marras 2017, Charles Hedrick wrote:
So, the real issue is SSSD's inability to support empty netgroup domain
part, right?
Yes, that’s the real bug. It doesn’t appear that the other issues are
serious, as I can’t find any real appiication that uses the NIS entries
as triples.
The sssd
On Mon, Nov 13, 2017 at 11:16 AM, Pavel Březina wrote:
> Hello,
>
> It took me a lot longer than I expected but here it is at last. This is my
> set of scripts that use vagrant and Ansible to automatically provision
> virtual environment that I use to develop and test SSSD.
>
> On Nov 13, 2017, at 12:51 PM, Alexander Bokovoy wrote:
>
> Not sure why you keep saying that.
Your example showed only one entry. Suppose I want to generate
(host1, user1,)
(host2, user2,)
I can use
ipa netgroup-add-member —hosts=host1 —users=user1
ipa
The netapp is using LDAP with RFC2307 for all name service. That include users,
groups, and netgroups.
What they are asking for is for LDAP to implement netgroup.byhost. It appears
that AD does this. As far as I can tell, they are looking for
nisMapName=netgroup.byhost accessed via LDAP.
I
> So, the real issue is SSSD's inability to support empty netgroup domain
> part, right?
Yes, that’s the real bug. It doesn’t appear that the other issues are serious,
as I can’t find any real appiication that uses the NIS entries as triples.
The sssd problem is moderately serious for me. I
I just looked at documentation and source code. All the documentation I can
find for netgroups leaves the semantics up to the application. The net group
documentation does, however, imply that we’re dealing with a set of triples,
not separate host and user lists. I checked the source for both
While we’re on this subject, it would be useful for IPA to support
netgroup.byhost. That would give signifiant advantages with Netapp. If that is
supported, Netapp will look up the netgroups for a host every time a mount is
done. Without it, they consider that reloading the whole net group file
Sure. We use netgroups for /etc/exports. The most natural format for triples is
(host,,)
That’s the format Netapp documents. By default, ipa netgroup-add-member uses
(host,-,domain)
where domain seems to come from our Kerberos domain. Netapp documentation
requests leaving that field blank,
On (13/11/17 11:20), Andrea Passuello wrote:
>Thanks all for the answers.
>
>This is the debug with level=10.
>
>
>(Mon Nov 13 10:35:40 2017) [sssd[be[MYDOMAIN.COM]]] [sbus_dispatch]
>(0x4000): dbus conn: 0xe76180
>(Mon Nov 13 10:35:40 2017) [sssd[be[MYDOMAIN.COM]]] [sbus_dispatch]
>(0x4000):
On ma, 13 marras 2017, Pavel Březina wrote:
On 11/08/2017 11:47 PM, Charles Hedrick wrote:
In my opinion the whole rfc3704bis implementation of net groups is
wonky.
RFC 3704bis does not exist. RFC3704 is about ingress filtering in
multihome networks. Are you talking about RFC 2307bis?
This
Hello,
It took me a lot longer than I expected but here it is at last. This is
my set of scripts that use vagrant and Ansible to automatically
provision virtual environment that I use to develop and test SSSD.
To create this environment you only need to run one command:
$ ./setup.sh
and
17 matches
Mail list logo