[SSSD-users] Re: Experiencing a bug on users' name and ID
On Fri, May 25, 2018 at 3:04 PM, Sumit Bose wrote: > > > Hi Sumit, > > > > Do you know if there might be a workaround where may be we setup a ldap > > replica and make change on the some of the attributes on the local copy > > instead? > > > > May be that would be a possible solution? > > yes, as long as the UID and GID attributes are real numerical values it > should work. > Yes, I have not done ldap replication. Trying to see how to keep a live replication where mnetid attribute is string and how to overwrite a local copy of mnetid as numeric Let me know if you have any hint. I probably will ping openldap mailing list. > > bye, > Sumit > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/CUFN5E4WR7TJP3RYZ2WPWINDLMU5HDW4/
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Wed, May 23, 2018 at 02:03:11PM -0400, Asif Iqbal wrote: > On Wed, May 2, 2018 at 3:02 PM, Asif Iqbal wrote: > > > > > > > On Tue, Apr 24, 2018 at 1:35 PM, Asif Iqbal wrote: > > > >> > >> > >> On Wed, Apr 18, 2018 at 10:49 AM, Sumit Bose wrote: > >> > >>> > [.. stripped for brevity ..] > >>> > > > > >>> > > Hi Sumit et al., > >>> > > > >>> > > Still like some help to resolve this. > >>> > > >>> > Thank you for the logs. Unfortunately I cannot see the reason in the > >>> > logs why it does not work. I'll have to replicate your setup and try to > >>> > reproduce the issue and will send my findings in a few days. > >>> > >>> I was able to reproduce the issue if I use a string attribute with a > >>> leading white-space as UID attribute. I have to think a bit about how > >>> this can be fixed in a general way. > >>> > >>> bye, > >>> Sumit > >>> > >>> > >> Hi Sumit, > >> > >> Let me know if you need something for me. I am still looking for a > >> workaround > >> > >> Appreciate your help! > >> > >> > > > > Hi Sumit, > > > > Were you able to find a workaround for this? > > > > Appreciate your help > > > > > > > Hi Sumit, > > Do you know if there might be a workaround where may be we setup a ldap > replica and make change on the some of the attributes on the local copy > instead? > > May be that would be a possible solution? yes, as long as the UID and GID attributes are real numerical values it should work. bye, Sumit > > > > > -- > > Asif Iqbal > > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > > A: Because it messes up the order in which people normally read text. > > Q: Why is top-posting such a bad thing? > > > > > > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > ___ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/OJWO45K3ERTKR44XO7MRXW62P3BLZBLD/ ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/H2LDJ3NTQEWGCQOS7DCHZWDRY2DNXBIL/
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Wed, May 2, 2018 at 3:02 PM, Asif Iqbal wrote: > > > On Tue, Apr 24, 2018 at 1:35 PM, Asif Iqbal wrote: > >> >> >> On Wed, Apr 18, 2018 at 10:49 AM, Sumit Bose wrote: >> >>> > [.. stripped for brevity ..] >>> > > > >>> > > Hi Sumit et al., >>> > > >>> > > Still like some help to resolve this. >>> > >>> > Thank you for the logs. Unfortunately I cannot see the reason in the >>> > logs why it does not work. I'll have to replicate your setup and try to >>> > reproduce the issue and will send my findings in a few days. >>> >>> I was able to reproduce the issue if I use a string attribute with a >>> leading white-space as UID attribute. I have to think a bit about how >>> this can be fixed in a general way. >>> >>> bye, >>> Sumit >>> >>> >> Hi Sumit, >> >> Let me know if you need something for me. I am still looking for a >> workaround >> >> Appreciate your help! >> >> > > Hi Sumit, > > Were you able to find a workaround for this? > > Appreciate your help > > > Hi Sumit, Do you know if there might be a workaround where may be we setup a ldap replica and make change on the some of the attributes on the local copy instead? May be that would be a possible solution? > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/OJWO45K3ERTKR44XO7MRXW62P3BLZBLD/
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Tue, Apr 24, 2018 at 1:35 PM, Asif Iqbal wrote: > > > On Wed, Apr 18, 2018 at 10:49 AM, Sumit Bose wrote: > >> > [.. stripped for brevity ..] >> > > > >> > > Hi Sumit et al., >> > > >> > > Still like some help to resolve this. >> > >> > Thank you for the logs. Unfortunately I cannot see the reason in the >> > logs why it does not work. I'll have to replicate your setup and try to >> > reproduce the issue and will send my findings in a few days. >> >> I was able to reproduce the issue if I use a string attribute with a >> leading white-space as UID attribute. I have to think a bit about how >> this can be fixed in a general way. >> >> bye, >> Sumit >> >> > Hi Sumit, > > Let me know if you need something for me. I am still looking for a > workaround > > Appreciate your help! > > Hi Sumit, Were you able to find a workaround for this? Appreciate your help -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Wed, Apr 18, 2018 at 10:49 AM, Sumit Bose wrote: > > [.. stripped for brevity ..] > > > > > > > Hi Sumit et al., > > > > > > Still like some help to resolve this. > > > > Thank you for the logs. Unfortunately I cannot see the reason in the > > logs why it does not work. I'll have to replicate your setup and try to > > reproduce the issue and will send my findings in a few days. > > I was able to reproduce the issue if I use a string attribute with a > leading white-space as UID attribute. I have to think a bit about how > this can be fixed in a general way. > > bye, > Sumit > > Hi Sumit, Let me know if you need something for me. I am still looking for a workaround Appreciate your help! > > > > bye, > > Sumit > > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Wed, Apr 18, 2018 at 10:49 AM, Sumit Bose wrote: > On Tue, Apr 10, 2018 at 01:30:44PM +0200, Sumit Bose wrote: > > On Mon, Apr 09, 2018 at 10:53:51AM -0400, Asif Iqbal wrote: > > > On Mon, Apr 2, 2018 at 12:20 PM, Asif Iqbal wrote: > > > > > > > > > > > > > > > On Tue, Mar 27, 2018 at 4:43 AM, Sumit Bose > wrote: > > > > > > > >> On Fri, Mar 23, 2018 at 06:13:39PM -0400, Asif Iqbal wrote: > > > >> > On Thu, Mar 22, 2018 at 2:51 PM, Asif Iqbal > wrote: > > > >> > > > > >> > > > [..stripped for brevity..] > > > >> > >>> > > > So I see 5% of current users have mnetid with leading 0. > > > >> > >>> > > > > > > >> > >>> > > > So I never used sss_override. How do I use sss_override > to > > > >> make > > > >> > >>> mnetid > > > >> > >>> > > > 004311 > > > >> > >>> > > > to work with sss when ldap id mapping tries to map 4311 > > > >> instead? > > > >> > >>> > > > > > > >> > >>> > > > Appreciate your help! > > > >> > >>> > > > > > >> > >>> > > I haven't tested it with your setup but > > > >> > >>> > > > > > >> > >>> > > sss_override user_add mwvande --uid 4311 --gid 4311 > > > >> > >>> > > sss_override group_add mwvande --gid 4311 > > > >> > >>> > > > > > >> > >>> > > should create the needed override data so that user and > group > > > >> mwvande > > > >> > >>> > > can be looked up with the ID 4311. > > > >> > >>> > > > > > >> > >>> > > > > >> > >>> > > > > >> > >>> > So I can lookup by 4311 after this. Very nice! > > > >> > >>> > > > > >> > >>> > Do I need to restart sssd after these two commands? > > > >> > >>> > > > >> > >>> You have to restart SSSD after adding the first overrides to > switch > > > >> on > > > >> > >>> the override handling. If you add additional override later > on you > > > >> do > > > >> > >>> not have to restart SSSD, but you might need to wait until > some > > > >> cache > > > >> > >>> timeouts are passed before the overridden values are shown. > > > >> > >>> > > > >> > >> > > > >> > >> > > > >> > >> I have a user today complained whose mnetid has leading 0s > > > >> > >> > > > >> > >> [mwvande@example:]$ ssh sgx2-brdr-01 > > > >> > >> > > > >> > >> No user exists for uid 4311 > > > >> > >> > > > >> > >> I already have the sss_override ran last week for 100 users > last > > > >> week and > > > >> > >> sssd was restarted. > > > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > > >> > > I am still wondering if there is a gap in my using sss_override > > > >> > > > > > >> > > I have ran this, example commands, for all users with leading > 0s in > > > >> mnetid > > > >> > > > > > >> > >sss_override user-add mwvande --uid 4311--gid 4311 > > > >> > >sss_override group-add mwvande --gid 4311 > > > >> > > > > > >> > > Then I ran the systemctl restart sssd > > > >> > > > >> As said earlier I haven't tested overrides with your type of setup, > so > > > >> I'm not sure if they work as expected. After adding the overrides > and > > > >> restarting SSSD with debug_level=9 in the [nss] and [domain/...] > > > >> sections of sssd.conf, can you call 'sss_cache -E' and 'getent > passwd > > > >> 4311' and send me the related logs. > > > >> > > > >> bye, > > > >> Sumit > > > >> > > > >> > > > > # sss_cache -E > > > > # getent passwd 4311 > > > > (no output) > > > > > > > > sssd_LDAP.log https://gist.github.com/ > 7170405abc3c7b8a2fac0211f4452aab > > > > > > > > sssd_nss.log https://gist.github.com/cd1a4a1323c94d0284d4001fe364bf > 71 > > > > > > > > Appreciate your help! > > > > > > > > > > > > > > > Hi Sumit et al., > > > > > > Still like some help to resolve this. > > > > Thank you for the logs. Unfortunately I cannot see the reason in the > > logs why it does not work. I'll have to replicate your setup and try to > > reproduce the issue and will send my findings in a few days. > > I was able to reproduce the issue if I use a string attribute with a > leading white-space as UID attribute. I have to think a bit about how > this can be fixed in a general way. > I am glad(?) you saw same issue. Appreciate your help! > > bye, > Sumit > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Tue, Apr 10, 2018 at 01:30:44PM +0200, Sumit Bose wrote: > On Mon, Apr 09, 2018 at 10:53:51AM -0400, Asif Iqbal wrote: > > On Mon, Apr 2, 2018 at 12:20 PM, Asif Iqbal wrote: > > > > > > > > > > > On Tue, Mar 27, 2018 at 4:43 AM, Sumit Bose wrote: > > > > > >> On Fri, Mar 23, 2018 at 06:13:39PM -0400, Asif Iqbal wrote: > > >> > On Thu, Mar 22, 2018 at 2:51 PM, Asif Iqbal wrote: > > >> > > > >> > > > [..stripped for brevity..] > > >> > >>> > > > So I see 5% of current users have mnetid with leading 0. > > >> > >>> > > > > > >> > >>> > > > So I never used sss_override. How do I use sss_override to > > >> make > > >> > >>> mnetid > > >> > >>> > > > 004311 > > >> > >>> > > > to work with sss when ldap id mapping tries to map 4311 > > >> instead? > > >> > >>> > > > > > >> > >>> > > > Appreciate your help! > > >> > >>> > > > > >> > >>> > > I haven't tested it with your setup but > > >> > >>> > > > > >> > >>> > > sss_override user_add mwvande --uid 4311 --gid 4311 > > >> > >>> > > sss_override group_add mwvande --gid 4311 > > >> > >>> > > > > >> > >>> > > should create the needed override data so that user and group > > >> mwvande > > >> > >>> > > can be looked up with the ID 4311. > > >> > >>> > > > > >> > >>> > > > >> > >>> > > > >> > >>> > So I can lookup by 4311 after this. Very nice! > > >> > >>> > > > >> > >>> > Do I need to restart sssd after these two commands? > > >> > >>> > > >> > >>> You have to restart SSSD after adding the first overrides to switch > > >> on > > >> > >>> the override handling. If you add additional override later on you > > >> do > > >> > >>> not have to restart SSSD, but you might need to wait until some > > >> cache > > >> > >>> timeouts are passed before the overridden values are shown. > > >> > >>> > > >> > >> > > >> > >> > > >> > >> I have a user today complained whose mnetid has leading 0s > > >> > >> > > >> > >> [mwvande@example:]$ ssh sgx2-brdr-01 > > >> > >> > > >> > >> No user exists for uid 4311 > > >> > >> > > >> > >> I already have the sss_override ran last week for 100 users last > > >> week and > > >> > >> sssd was restarted. > > >> > >> > > >> > >> > > >> > >> > > >> > >> > > >> > > I am still wondering if there is a gap in my using sss_override > > >> > > > > >> > > I have ran this, example commands, for all users with leading 0s in > > >> mnetid > > >> > > > > >> > >sss_override user-add mwvande --uid 4311--gid 4311 > > >> > >sss_override group-add mwvande --gid 4311 > > >> > > > > >> > > Then I ran the systemctl restart sssd > > >> > > >> As said earlier I haven't tested overrides with your type of setup, so > > >> I'm not sure if they work as expected. After adding the overrides and > > >> restarting SSSD with debug_level=9 in the [nss] and [domain/...] > > >> sections of sssd.conf, can you call 'sss_cache -E' and 'getent passwd > > >> 4311' and send me the related logs. > > >> > > >> bye, > > >> Sumit > > >> > > >> > > > # sss_cache -E > > > # getent passwd 4311 > > > (no output) > > > > > > sssd_LDAP.log https://gist.github.com/7170405abc3c7b8a2fac0211f4452aab > > > > > > sssd_nss.log https://gist.github.com/cd1a4a1323c94d0284d4001fe364bf71 > > > > > > Appreciate your help! > > > > > > > > > > > Hi Sumit et al., > > > > Still like some help to resolve this. > > Thank you for the logs. Unfortunately I cannot see the reason in the > logs why it does not work. I'll have to replicate your setup and try to > reproduce the issue and will send my findings in a few days. I was able to reproduce the issue if I use a string attribute with a leading white-space as UID attribute. I have to think a bit about how this can be fixed in a general way. bye, Sumit > > bye, > Sumit > > > > > > > > > > -- > > > Asif Iqbal > > > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > > > A: Because it messes up the order in which people normally read text. > > > Q: Why is top-posting such a bad thing? > > > > > > > > > > > > -- > > Asif Iqbal > > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > > A: Because it messes up the order in which people normally read text. > > Q: Why is top-posting such a bad thing? > > > ___ > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > ___ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Mon, Apr 09, 2018 at 10:53:51AM -0400, Asif Iqbal wrote: > On Mon, Apr 2, 2018 at 12:20 PM, Asif Iqbal wrote: > > > > > > > On Tue, Mar 27, 2018 at 4:43 AM, Sumit Bose wrote: > > > >> On Fri, Mar 23, 2018 at 06:13:39PM -0400, Asif Iqbal wrote: > >> > On Thu, Mar 22, 2018 at 2:51 PM, Asif Iqbal wrote: > >> > > >> > > > [..stripped for brevity..] > >> > >>> > > > So I see 5% of current users have mnetid with leading 0. > >> > >>> > > > > >> > >>> > > > So I never used sss_override. How do I use sss_override to > >> make > >> > >>> mnetid > >> > >>> > > > 004311 > >> > >>> > > > to work with sss when ldap id mapping tries to map 4311 > >> instead? > >> > >>> > > > > >> > >>> > > > Appreciate your help! > >> > >>> > > > >> > >>> > > I haven't tested it with your setup but > >> > >>> > > > >> > >>> > > sss_override user_add mwvande --uid 4311 --gid 4311 > >> > >>> > > sss_override group_add mwvande --gid 4311 > >> > >>> > > > >> > >>> > > should create the needed override data so that user and group > >> mwvande > >> > >>> > > can be looked up with the ID 4311. > >> > >>> > > > >> > >>> > > >> > >>> > > >> > >>> > So I can lookup by 4311 after this. Very nice! > >> > >>> > > >> > >>> > Do I need to restart sssd after these two commands? > >> > >>> > >> > >>> You have to restart SSSD after adding the first overrides to switch > >> on > >> > >>> the override handling. If you add additional override later on you > >> do > >> > >>> not have to restart SSSD, but you might need to wait until some > >> cache > >> > >>> timeouts are passed before the overridden values are shown. > >> > >>> > >> > >> > >> > >> > >> > >> I have a user today complained whose mnetid has leading 0s > >> > >> > >> > >> [mwvande@example:]$ ssh sgx2-brdr-01 > >> > >> > >> > >> No user exists for uid 4311 > >> > >> > >> > >> I already have the sss_override ran last week for 100 users last > >> week and > >> > >> sssd was restarted. > >> > >> > >> > >> > >> > >> > >> > >> > >> > > I am still wondering if there is a gap in my using sss_override > >> > > > >> > > I have ran this, example commands, for all users with leading 0s in > >> mnetid > >> > > > >> > >sss_override user-add mwvande --uid 4311--gid 4311 > >> > >sss_override group-add mwvande --gid 4311 > >> > > > >> > > Then I ran the systemctl restart sssd > >> > >> As said earlier I haven't tested overrides with your type of setup, so > >> I'm not sure if they work as expected. After adding the overrides and > >> restarting SSSD with debug_level=9 in the [nss] and [domain/...] > >> sections of sssd.conf, can you call 'sss_cache -E' and 'getent passwd > >> 4311' and send me the related logs. > >> > >> bye, > >> Sumit > >> > >> > > # sss_cache -E > > # getent passwd 4311 > > (no output) > > > > sssd_LDAP.log https://gist.github.com/7170405abc3c7b8a2fac0211f4452aab > > > > sssd_nss.log https://gist.github.com/cd1a4a1323c94d0284d4001fe364bf71 > > > > Appreciate your help! > > > > > > > Hi Sumit et al., > > Still like some help to resolve this. Thank you for the logs. Unfortunately I cannot see the reason in the logs why it does not work. I'll have to replicate your setup and try to reproduce the issue and will send my findings in a few days. bye, Sumit > > > > > -- > > Asif Iqbal > > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > > A: Because it messes up the order in which people normally read text. > > Q: Why is top-posting such a bad thing? > > > > > > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > ___ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Mon, Apr 2, 2018 at 12:20 PM, Asif Iqbal wrote: > > > On Tue, Mar 27, 2018 at 4:43 AM, Sumit Bose wrote: > >> On Fri, Mar 23, 2018 at 06:13:39PM -0400, Asif Iqbal wrote: >> > On Thu, Mar 22, 2018 at 2:51 PM, Asif Iqbal wrote: >> > >> > > > [..stripped for brevity..] >> > >>> > > > So I see 5% of current users have mnetid with leading 0. >> > >>> > > > >> > >>> > > > So I never used sss_override. How do I use sss_override to >> make >> > >>> mnetid >> > >>> > > > 004311 >> > >>> > > > to work with sss when ldap id mapping tries to map 4311 >> instead? >> > >>> > > > >> > >>> > > > Appreciate your help! >> > >>> > > >> > >>> > > I haven't tested it with your setup but >> > >>> > > >> > >>> > > sss_override user_add mwvande --uid 4311 --gid 4311 >> > >>> > > sss_override group_add mwvande --gid 4311 >> > >>> > > >> > >>> > > should create the needed override data so that user and group >> mwvande >> > >>> > > can be looked up with the ID 4311. >> > >>> > > >> > >>> > >> > >>> > >> > >>> > So I can lookup by 4311 after this. Very nice! >> > >>> > >> > >>> > Do I need to restart sssd after these two commands? >> > >>> >> > >>> You have to restart SSSD after adding the first overrides to switch >> on >> > >>> the override handling. If you add additional override later on you >> do >> > >>> not have to restart SSSD, but you might need to wait until some >> cache >> > >>> timeouts are passed before the overridden values are shown. >> > >>> >> > >> >> > >> >> > >> I have a user today complained whose mnetid has leading 0s >> > >> >> > >> [mwvande@example:]$ ssh sgx2-brdr-01 >> > >> >> > >> No user exists for uid 4311 >> > >> >> > >> I already have the sss_override ran last week for 100 users last >> week and >> > >> sssd was restarted. >> > >> >> > >> >> > >> >> > >> >> > > I am still wondering if there is a gap in my using sss_override >> > > >> > > I have ran this, example commands, for all users with leading 0s in >> mnetid >> > > >> > >sss_override user-add mwvande --uid 4311--gid 4311 >> > >sss_override group-add mwvande --gid 4311 >> > > >> > > Then I ran the systemctl restart sssd >> >> As said earlier I haven't tested overrides with your type of setup, so >> I'm not sure if they work as expected. After adding the overrides and >> restarting SSSD with debug_level=9 in the [nss] and [domain/...] >> sections of sssd.conf, can you call 'sss_cache -E' and 'getent passwd >> 4311' and send me the related logs. >> >> bye, >> Sumit >> >> > # sss_cache -E > # getent passwd 4311 > (no output) > > sssd_LDAP.log https://gist.github.com/7170405abc3c7b8a2fac0211f4452aab > > sssd_nss.log https://gist.github.com/cd1a4a1323c94d0284d4001fe364bf71 > > Appreciate your help! > > > Hi Sumit et al., Still like some help to resolve this. > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Tue, Mar 27, 2018 at 4:43 AM, Sumit Bose wrote: > On Fri, Mar 23, 2018 at 06:13:39PM -0400, Asif Iqbal wrote: > > On Thu, Mar 22, 2018 at 2:51 PM, Asif Iqbal wrote: > > > > > > [..stripped for brevity..] > > >>> > > > So I see 5% of current users have mnetid with leading 0. > > >>> > > > > > >>> > > > So I never used sss_override. How do I use sss_override to make > > >>> mnetid > > >>> > > > 004311 > > >>> > > > to work with sss when ldap id mapping tries to map 4311 > instead? > > >>> > > > > > >>> > > > Appreciate your help! > > >>> > > > > >>> > > I haven't tested it with your setup but > > >>> > > > > >>> > > sss_override user_add mwvande --uid 4311 --gid 4311 > > >>> > > sss_override group_add mwvande --gid 4311 > > >>> > > > > >>> > > should create the needed override data so that user and group > mwvande > > >>> > > can be looked up with the ID 4311. > > >>> > > > > >>> > > > >>> > > > >>> > So I can lookup by 4311 after this. Very nice! > > >>> > > > >>> > Do I need to restart sssd after these two commands? > > >>> > > >>> You have to restart SSSD after adding the first overrides to switch > on > > >>> the override handling. If you add additional override later on you do > > >>> not have to restart SSSD, but you might need to wait until some cache > > >>> timeouts are passed before the overridden values are shown. > > >>> > > >> > > >> > > >> I have a user today complained whose mnetid has leading 0s > > >> > > >> [mwvande@example:]$ ssh sgx2-brdr-01 > > >> > > >> No user exists for uid 4311 > > >> > > >> I already have the sss_override ran last week for 100 users last week > and > > >> sssd was restarted. > > >> > > >> > > >> > > >> > > > I am still wondering if there is a gap in my using sss_override > > > > > > I have ran this, example commands, for all users with leading 0s in > mnetid > > > > > >sss_override user-add mwvande --uid 4311--gid 4311 > > >sss_override group-add mwvande --gid 4311 > > > > > > Then I ran the systemctl restart sssd > > As said earlier I haven't tested overrides with your type of setup, so > I'm not sure if they work as expected. After adding the overrides and > restarting SSSD with debug_level=9 in the [nss] and [domain/...] > sections of sssd.conf, can you call 'sss_cache -E' and 'getent passwd > 4311' and send me the related logs. > > bye, > Sumit > > # sss_cache -E # getent passwd 4311 (no output) sssd_LDAP.log https://gist.github.com/7170405abc3c7b8a2fac0211f4452aab sssd_nss.log https://gist.github.com/cd1a4a1323c94d0284d4001fe364bf71 Appreciate your help! -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Fri, Mar 23, 2018 at 06:13:39PM -0400, Asif Iqbal wrote: > On Thu, Mar 22, 2018 at 2:51 PM, Asif Iqbal wrote: > > > > [..stripped for brevity..] > >>> > > > So I see 5% of current users have mnetid with leading 0. > >>> > > > > >>> > > > So I never used sss_override. How do I use sss_override to make > >>> mnetid > >>> > > > 004311 > >>> > > > to work with sss when ldap id mapping tries to map 4311 instead? > >>> > > > > >>> > > > Appreciate your help! > >>> > > > >>> > > I haven't tested it with your setup but > >>> > > > >>> > > sss_override user_add mwvande --uid 4311 --gid 4311 > >>> > > sss_override group_add mwvande --gid 4311 > >>> > > > >>> > > should create the needed override data so that user and group mwvande > >>> > > can be looked up with the ID 4311. > >>> > > > >>> > > >>> > > >>> > So I can lookup by 4311 after this. Very nice! > >>> > > >>> > Do I need to restart sssd after these two commands? > >>> > >>> You have to restart SSSD after adding the first overrides to switch on > >>> the override handling. If you add additional override later on you do > >>> not have to restart SSSD, but you might need to wait until some cache > >>> timeouts are passed before the overridden values are shown. > >>> > >> > >> > >> I have a user today complained whose mnetid has leading 0s > >> > >> [mwvande@example:]$ ssh sgx2-brdr-01 > >> > >> No user exists for uid 4311 > >> > >> I already have the sss_override ran last week for 100 users last week and > >> sssd was restarted. > >> > >> > >> > >> > > I am still wondering if there is a gap in my using sss_override > > > > I have ran this, example commands, for all users with leading 0s in mnetid > > > >sss_override user-add mwvande --uid 4311--gid 4311 > >sss_override group-add mwvande --gid 4311 > > > > Then I ran the systemctl restart sssd As said earlier I haven't tested overrides with your type of setup, so I'm not sure if they work as expected. After adding the overrides and restarting SSSD with debug_level=9 in the [nss] and [domain/...] sections of sssd.conf, can you call 'sss_cache -E' and 'getent passwd 4311' and send me the related logs. bye, Sumit > > > > Is there a step I am missing? > > > > I have another user having the same issue with mnetid 027505 and > username ac09446 > > As a workaround he ran `getent passwd ac09446` and `getent group ac09446` > and that fixed it > > Please advise > > > > > > > > -- > > Asif Iqbal > > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > > A: Because it messes up the order in which people normally read text. > > Q: Why is top-posting such a bad thing? > > > > > > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > ___ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Thu, Mar 22, 2018 at 2:51 PM, Asif Iqbal wrote: > > [..stripped for brevity..] >>> > > > So I see 5% of current users have mnetid with leading 0. >>> > > > >>> > > > So I never used sss_override. How do I use sss_override to make >>> mnetid >>> > > > 004311 >>> > > > to work with sss when ldap id mapping tries to map 4311 instead? >>> > > > >>> > > > Appreciate your help! >>> > > >>> > > I haven't tested it with your setup but >>> > > >>> > > sss_override user_add mwvande --uid 4311 --gid 4311 >>> > > sss_override group_add mwvande --gid 4311 >>> > > >>> > > should create the needed override data so that user and group mwvande >>> > > can be looked up with the ID 4311. >>> > > >>> > >>> > >>> > So I can lookup by 4311 after this. Very nice! >>> > >>> > Do I need to restart sssd after these two commands? >>> >>> You have to restart SSSD after adding the first overrides to switch on >>> the override handling. If you add additional override later on you do >>> not have to restart SSSD, but you might need to wait until some cache >>> timeouts are passed before the overridden values are shown. >>> >> >> >> I have a user today complained whose mnetid has leading 0s >> >> [mwvande@example:]$ ssh sgx2-brdr-01 >> >> No user exists for uid 4311 >> >> I already have the sss_override ran last week for 100 users last week and >> sssd was restarted. >> >> >> >> > I am still wondering if there is a gap in my using sss_override > > I have ran this, example commands, for all users with leading 0s in mnetid > >sss_override user-add mwvande --uid 4311--gid 4311 >sss_override group-add mwvande --gid 4311 > > Then I ran the systemctl restart sssd > > Is there a step I am missing? > I have another user having the same issue with mnetid 027505 and username ac09446 As a workaround he ran `getent passwd ac09446` and `getent group ac09446` and that fixed it Please advise > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Wed, Mar 21, 2018 at 4:09 PM, Asif Iqbal wrote: > > > On Thu, Mar 15, 2018 at 4:42 AM, Sumit Bose wrote: > >> On Wed, Mar 14, 2018 at 03:42:28PM -0400, Asif Iqbal wrote: >> > On Tue, Mar 13, 2018 at 3:24 AM, Sumit Bose wrote: >> > >> > > On Mon, Mar 12, 2018 at 03:05:43PM -0400, Asif Iqbal wrote: >> > > > On Mon, Mar 12, 2018 at 11:04 AM, Asif Iqbal >> wrote: >> > > > >> > > > > >> > > > > >> > > > > On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose >> wrote: >> > > > > >> > > > >> On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote: >> > > > >> > I still like some help with any workaround in dealing with >> string. >> > > > >> > >> > > > >> > IT LDAP team do not have any attribute value with real number. >> Is it >> > > > >> > possible to create a local DB to map the mnetid to a real >> number and >> > > > >> then >> > > > >> > use that table as a reference for ID mapping? I am not sure if >> this >> > > > >> > discussion should be in developer mailing list. >> > > > >> >> > > > >> You might want to try local overrides, see man sss_override for >> > > details. >> > > > >> >> > > > > >> > > > > Let me read up on it real quick and explore that. What should I be >> > > looking >> > > > > for? >> > > > > How to override mnetid attribute value type from string to >> integer? >> > > > > >> > > > > >> > > > >> > > > So I see 5% of current users have mnetid with leading 0. >> > > > >> > > > So I never used sss_override. How do I use sss_override to make >> mnetid >> > > > 004311 >> > > > to work with sss when ldap id mapping tries to map 4311 instead? >> > > > >> > > > Appreciate your help! >> > > >> > > I haven't tested it with your setup but >> > > >> > > sss_override user_add mwvande --uid 4311 --gid 4311 >> > > sss_override group_add mwvande --gid 4311 >> > > >> > > should create the needed override data so that user and group mwvande >> > > can be looked up with the ID 4311. >> > > >> > >> > >> > So I can lookup by 4311 after this. Very nice! >> > >> > Do I need to restart sssd after these two commands? >> >> You have to restart SSSD after adding the first overrides to switch on >> the override handling. If you add additional override later on you do >> not have to restart SSSD, but you might need to wait until some cache >> timeouts are passed before the overridden values are shown. >> > > > I have a user today complained whose mnetid has leading 0s > > [mwvande@example:]$ ssh sgx2-brdr-01 > > No user exists for uid 4311 > > I already have the sss_override ran last week for 100 users last week and > sssd was restarted. > > > > I am still wondering if there is a gap in my using sss_override I have ran this, example commands, for all users with leading 0s in mnetid sss_override user-add mwvande --uid 4311--gid 4311 sss_override group-add mwvande --gid 4311 Then I ran the systemctl restart sssd Is there a step I am missing? -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Thu, Mar 15, 2018 at 4:42 AM, Sumit Bose wrote: > On Wed, Mar 14, 2018 at 03:42:28PM -0400, Asif Iqbal wrote: > > On Tue, Mar 13, 2018 at 3:24 AM, Sumit Bose wrote: > > > > > On Mon, Mar 12, 2018 at 03:05:43PM -0400, Asif Iqbal wrote: > > > > On Mon, Mar 12, 2018 at 11:04 AM, Asif Iqbal > wrote: > > > > > > > > > > > > > > > > > > > On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose > wrote: > > > > > > > > > >> On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote: > > > > >> > I still like some help with any workaround in dealing with > string. > > > > >> > > > > > >> > IT LDAP team do not have any attribute value with real number. > Is it > > > > >> > possible to create a local DB to map the mnetid to a real > number and > > > > >> then > > > > >> > use that table as a reference for ID mapping? I am not sure if > this > > > > >> > discussion should be in developer mailing list. > > > > >> > > > > >> You might want to try local overrides, see man sss_override for > > > details. > > > > >> > > > > > > > > > > Let me read up on it real quick and explore that. What should I be > > > looking > > > > > for? > > > > > How to override mnetid attribute value type from string to integer? > > > > > > > > > > > > > > > > > > So I see 5% of current users have mnetid with leading 0. > > > > > > > > So I never used sss_override. How do I use sss_override to make > mnetid > > > > 004311 > > > > to work with sss when ldap id mapping tries to map 4311 instead? > > > > > > > > Appreciate your help! > > > > > > I haven't tested it with your setup but > > > > > > sss_override user_add mwvande --uid 4311 --gid 4311 > > > sss_override group_add mwvande --gid 4311 > > > > > > should create the needed override data so that user and group mwvande > > > can be looked up with the ID 4311. > > > > > > > > > So I can lookup by 4311 after this. Very nice! > > > > Do I need to restart sssd after these two commands? > > You have to restart SSSD after adding the first overrides to switch on > the override handling. If you add additional override later on you do > not have to restart SSSD, but you might need to wait until some cache > timeouts are passed before the overridden values are shown. > I have a user today complained whose mnetid has leading 0s [mwvande@example:]$ ssh sgx2-brdr-01 No user exists for uid 4311 I already have the sss_override ran last week for 100 users last week and sssd was restarted. > bye, > Sumit > > > > > > > > > > > > > HTH > > > > > > bye, > > > Sumit > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >> As an alternative you might want to try to enable enumeration. > After > > > the > > > > >> initial enumeration run is done all users and groups are already > in > > > > >> SSSD's cache and lookups by id should work. But I'm not sure if > > > > >> enumeration can handle you setup where user and groups are > defined by > > > > >> the same LDAP object. > > > > >> > > > > >> > > > > > During initial setup, before this server was in production, I tried > > > > > enumeration on > > > > > and I think login were failing and it was doing ldap query for 2500 > > > users > > > > > and > > > > > almost was not responding. So kind of risky to go that path, since > most > > > > > users' > > > > > mnetd id do not have leading `0' and I might add more problem than > > > > > solution :-) > > > > > > > > > > > > > > > > > > > >> Finally, if it is possible to remove the leading '0's from mnetid > it > > > > >> should work as well because then '(mnetid=4311)' would match as > string > > > > >> as well. > > > > >> > > > > >> > > > > > I think I have the worst IT LDAP team. They will not change there > > > schema > > > > > and > > > > > remove any leading 0s from mnetid. > > > > > > > > > > Might be little off-topic, but I am not sure if we could have a > ldap > > > sync > > > > > all attributes > > > > > to a local ldap server minus the mnetid and we populate that with > > > numbers. > > > > > Probably > > > > > also add more work to address few user accounts with leading 0s > > > > > > > > > > > > > > > bye, > > > > >> Sumit > > > > >> > > > > >> > > > > > >> > Appreciate any help > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > On Mar 8, 2018 11:29 PM, "Asif Iqbal" wrote: > > > > >> > > > > > >> > > > > > >> > > > > > >> > On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek < > jhro...@redhat.com> > > > > >> wrote: > > > > >> > > > > > >> > > I think the next good step would be to show the LDIF and logs > of a > > > > >> > > resolution of a single faulty entry, e.g. 80974 which you used > > > > >> earlier as > > > > >> > > an example of an entry that doesn’t work. > > > > >> > > > > > > >> > > > > > >> > Here are some logs for this account > > > > >> > > > > > >> > dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com > > > > >> > mnetid: 004311 > > > > >> > > > > > >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] > > > > >> [dp_get_account_info_handler] > > > > >> > (0x0200):
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Wed, Mar 14, 2018 at 03:42:28PM -0400, Asif Iqbal wrote: > On Tue, Mar 13, 2018 at 3:24 AM, Sumit Bose wrote: > > > On Mon, Mar 12, 2018 at 03:05:43PM -0400, Asif Iqbal wrote: > > > On Mon, Mar 12, 2018 at 11:04 AM, Asif Iqbal wrote: > > > > > > > > > > > > > > > On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose wrote: > > > > > > > >> On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote: > > > >> > I still like some help with any workaround in dealing with string. > > > >> > > > > >> > IT LDAP team do not have any attribute value with real number. Is it > > > >> > possible to create a local DB to map the mnetid to a real number and > > > >> then > > > >> > use that table as a reference for ID mapping? I am not sure if this > > > >> > discussion should be in developer mailing list. > > > >> > > > >> You might want to try local overrides, see man sss_override for > > details. > > > >> > > > > > > > > Let me read up on it real quick and explore that. What should I be > > looking > > > > for? > > > > How to override mnetid attribute value type from string to integer? > > > > > > > > > > > > > > So I see 5% of current users have mnetid with leading 0. > > > > > > So I never used sss_override. How do I use sss_override to make mnetid > > > 004311 > > > to work with sss when ldap id mapping tries to map 4311 instead? > > > > > > Appreciate your help! > > > > I haven't tested it with your setup but > > > > sss_override user_add mwvande --uid 4311 --gid 4311 > > sss_override group_add mwvande --gid 4311 > > > > should create the needed override data so that user and group mwvande > > can be looked up with the ID 4311. > > > > > So I can lookup by 4311 after this. Very nice! > > Do I need to restart sssd after these two commands? You have to restart SSSD after adding the first overrides to switch on the override handling. If you add additional override later on you do not have to restart SSSD, but you might need to wait until some cache timeouts are passed before the overridden values are shown. bye, Sumit > > > > > > > HTH > > > > bye, > > Sumit > > > > > > > > > > > > > > > > > > > > > > > > > >> As an alternative you might want to try to enable enumeration. After > > the > > > >> initial enumeration run is done all users and groups are already in > > > >> SSSD's cache and lookups by id should work. But I'm not sure if > > > >> enumeration can handle you setup where user and groups are defined by > > > >> the same LDAP object. > > > >> > > > >> > > > > During initial setup, before this server was in production, I tried > > > > enumeration on > > > > and I think login were failing and it was doing ldap query for 2500 > > users > > > > and > > > > almost was not responding. So kind of risky to go that path, since most > > > > users' > > > > mnetd id do not have leading `0' and I might add more problem than > > > > solution :-) > > > > > > > > > > > > > > > >> Finally, if it is possible to remove the leading '0's from mnetid it > > > >> should work as well because then '(mnetid=4311)' would match as string > > > >> as well. > > > >> > > > >> > > > > I think I have the worst IT LDAP team. They will not change there > > schema > > > > and > > > > remove any leading 0s from mnetid. > > > > > > > > Might be little off-topic, but I am not sure if we could have a ldap > > sync > > > > all attributes > > > > to a local ldap server minus the mnetid and we populate that with > > numbers. > > > > Probably > > > > also add more work to address few user accounts with leading 0s > > > > > > > > > > > > bye, > > > >> Sumit > > > >> > > > >> > > > > >> > Appreciate any help > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > On Mar 8, 2018 11:29 PM, "Asif Iqbal" wrote: > > > >> > > > > >> > > > > >> > > > > >> > On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek > > > >> wrote: > > > >> > > > > >> > > I think the next good step would be to show the LDIF and logs of a > > > >> > > resolution of a single faulty entry, e.g. 80974 which you used > > > >> earlier as > > > >> > > an example of an entry that doesn’t work. > > > >> > > > > > >> > > > > >> > Here are some logs for this account > > > >> > > > > >> > dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com > > > >> > mnetid: 004311 > > > >> > > > > >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] > > > >> [dp_get_account_info_handler] > > > >> > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] > > > >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] > > [sdap_get_generic_ext_step] > > > >> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= > > > >> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > > > >> > mnet,dc=qintra,dc=com]. > > > >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] > > [dp_table_value_destructor] > > > >> > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply > > table > > > >> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] > > > >> [dp_get_account_info_handler] > > > >> > (0x0200):
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Tue, Mar 13, 2018 at 3:24 AM, Sumit Bose wrote: > On Mon, Mar 12, 2018 at 03:05:43PM -0400, Asif Iqbal wrote: > > On Mon, Mar 12, 2018 at 11:04 AM, Asif Iqbal wrote: > > > > > > > > > > > On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose wrote: > > > > > >> On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote: > > >> > I still like some help with any workaround in dealing with string. > > >> > > > >> > IT LDAP team do not have any attribute value with real number. Is it > > >> > possible to create a local DB to map the mnetid to a real number and > > >> then > > >> > use that table as a reference for ID mapping? I am not sure if this > > >> > discussion should be in developer mailing list. > > >> > > >> You might want to try local overrides, see man sss_override for > details. > > >> > > > > > > Let me read up on it real quick and explore that. What should I be > looking > > > for? > > > How to override mnetid attribute value type from string to integer? > > > > > > > > > > So I see 5% of current users have mnetid with leading 0. > > > > So I never used sss_override. How do I use sss_override to make mnetid > > 004311 > > to work with sss when ldap id mapping tries to map 4311 instead? > > > > Appreciate your help! > > I haven't tested it with your setup but > > sss_override user_add mwvande --uid 4311 --gid 4311 > sss_override group_add mwvande --gid 4311 > > should create the needed override data so that user and group mwvande > can be looked up with the ID 4311. > So I can lookup by 4311 after this. Very nice! Do I need to restart sssd after these two commands? > > HTH > > bye, > Sumit > > > > > > > > > > > > > > > > > >> As an alternative you might want to try to enable enumeration. After > the > > >> initial enumeration run is done all users and groups are already in > > >> SSSD's cache and lookups by id should work. But I'm not sure if > > >> enumeration can handle you setup where user and groups are defined by > > >> the same LDAP object. > > >> > > >> > > > During initial setup, before this server was in production, I tried > > > enumeration on > > > and I think login were failing and it was doing ldap query for 2500 > users > > > and > > > almost was not responding. So kind of risky to go that path, since most > > > users' > > > mnetd id do not have leading `0' and I might add more problem than > > > solution :-) > > > > > > > > > > > >> Finally, if it is possible to remove the leading '0's from mnetid it > > >> should work as well because then '(mnetid=4311)' would match as string > > >> as well. > > >> > > >> > > > I think I have the worst IT LDAP team. They will not change there > schema > > > and > > > remove any leading 0s from mnetid. > > > > > > Might be little off-topic, but I am not sure if we could have a ldap > sync > > > all attributes > > > to a local ldap server minus the mnetid and we populate that with > numbers. > > > Probably > > > also add more work to address few user accounts with leading 0s > > > > > > > > > bye, > > >> Sumit > > >> > > >> > > > >> > Appreciate any help > > >> > > > >> > > > >> > > > >> > > > >> > On Mar 8, 2018 11:29 PM, "Asif Iqbal" wrote: > > >> > > > >> > > > >> > > > >> > On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek > > >> wrote: > > >> > > > >> > > I think the next good step would be to show the LDIF and logs of a > > >> > > resolution of a single faulty entry, e.g. 80974 which you used > > >> earlier as > > >> > > an example of an entry that doesn’t work. > > >> > > > > >> > > > >> > Here are some logs for this account > > >> > > > >> > dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com > > >> > mnetid: 004311 > > >> > > > >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] > > >> [dp_get_account_info_handler] > > >> > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] > > >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] > [sdap_get_generic_ext_step] > > >> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= > > >> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > > >> > mnet,dc=qintra,dc=com]. > > >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] > [dp_table_value_destructor] > > >> > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply > table > > >> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] > > >> [dp_get_account_info_handler] > > >> > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] > > >> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] > [sdap_get_generic_ext_step] > > >> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= > > >> > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= > > >> > People,dc=mnet,dc=qintra,dc=com]. > > >> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] > [dp_table_value_destructor] > > >> > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply > table > > >> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] > > >> [dp_get_account_info_handler] > > >> > (0x0200): Got request for [0x1][BE_REQ_USER][name=4311@
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Mon, Mar 12, 2018 at 03:05:43PM -0400, Asif Iqbal wrote: > On Mon, Mar 12, 2018 at 11:04 AM, Asif Iqbal wrote: > > > > > > > On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose wrote: > > > >> On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote: > >> > I still like some help with any workaround in dealing with string. > >> > > >> > IT LDAP team do not have any attribute value with real number. Is it > >> > possible to create a local DB to map the mnetid to a real number and > >> then > >> > use that table as a reference for ID mapping? I am not sure if this > >> > discussion should be in developer mailing list. > >> > >> You might want to try local overrides, see man sss_override for details. > >> > > > > Let me read up on it real quick and explore that. What should I be looking > > for? > > How to override mnetid attribute value type from string to integer? > > > > > > So I see 5% of current users have mnetid with leading 0. > > So I never used sss_override. How do I use sss_override to make mnetid > 004311 > to work with sss when ldap id mapping tries to map 4311 instead? > > Appreciate your help! I haven't tested it with your setup but sss_override user_add mwvande --uid 4311 --gid 4311 sss_override group_add mwvande --gid 4311 should create the needed override data so that user and group mwvande can be looked up with the ID 4311. HTH bye, Sumit > > > > > > > > > >> As an alternative you might want to try to enable enumeration. After the > >> initial enumeration run is done all users and groups are already in > >> SSSD's cache and lookups by id should work. But I'm not sure if > >> enumeration can handle you setup where user and groups are defined by > >> the same LDAP object. > >> > >> > > During initial setup, before this server was in production, I tried > > enumeration on > > and I think login were failing and it was doing ldap query for 2500 users > > and > > almost was not responding. So kind of risky to go that path, since most > > users' > > mnetd id do not have leading `0' and I might add more problem than > > solution :-) > > > > > > > >> Finally, if it is possible to remove the leading '0's from mnetid it > >> should work as well because then '(mnetid=4311)' would match as string > >> as well. > >> > >> > > I think I have the worst IT LDAP team. They will not change there schema > > and > > remove any leading 0s from mnetid. > > > > Might be little off-topic, but I am not sure if we could have a ldap sync > > all attributes > > to a local ldap server minus the mnetid and we populate that with numbers. > > Probably > > also add more work to address few user accounts with leading 0s > > > > > > bye, > >> Sumit > >> > >> > > >> > Appreciate any help > >> > > >> > > >> > > >> > > >> > On Mar 8, 2018 11:29 PM, "Asif Iqbal" wrote: > >> > > >> > > >> > > >> > On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek > >> wrote: > >> > > >> > > I think the next good step would be to show the LDIF and logs of a > >> > > resolution of a single faulty entry, e.g. 80974 which you used > >> earlier as > >> > > an example of an entry that doesn’t work. > >> > > > >> > > >> > Here are some logs for this account > >> > > >> > dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com > >> > mnetid: 004311 > >> > > >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] > >> [dp_get_account_info_handler] > >> > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] > >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > >> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= > >> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > >> > mnet,dc=qintra,dc=com]. > >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > >> > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table > >> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] > >> [dp_get_account_info_handler] > >> > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] > >> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > >> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= > >> > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= > >> > People,dc=mnet,dc=qintra,dc=com]. > >> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > >> > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table > >> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] > >> [dp_get_account_info_handler] > >> > (0x0200): Got request for [0x1][BE_REQ_USER][name=4311@ldap] > >> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > >> > (0x0400): calling ldap_search_ext with [(&(uid=4311)(objectclass= > >> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > >> > mnet,dc=qintra,dc=com]. > >> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > >> > (0x0400): Removing [0:1:0x0001:1::LDAP:name=4311@ldap] from reply table > >> > (Thu Mar 8 22:11:
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Mon, Mar 12, 2018 at 11:04 AM, Asif Iqbal wrote: > > > On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose wrote: > >> On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote: >> > I still like some help with any workaround in dealing with string. >> > >> > IT LDAP team do not have any attribute value with real number. Is it >> > possible to create a local DB to map the mnetid to a real number and >> then >> > use that table as a reference for ID mapping? I am not sure if this >> > discussion should be in developer mailing list. >> >> You might want to try local overrides, see man sss_override for details. >> > > Let me read up on it real quick and explore that. What should I be looking > for? > How to override mnetid attribute value type from string to integer? > > So I see 5% of current users have mnetid with leading 0. So I never used sss_override. How do I use sss_override to make mnetid 004311 to work with sss when ldap id mapping tries to map 4311 instead? Appreciate your help! > > >> As an alternative you might want to try to enable enumeration. After the >> initial enumeration run is done all users and groups are already in >> SSSD's cache and lookups by id should work. But I'm not sure if >> enumeration can handle you setup where user and groups are defined by >> the same LDAP object. >> >> > During initial setup, before this server was in production, I tried > enumeration on > and I think login were failing and it was doing ldap query for 2500 users > and > almost was not responding. So kind of risky to go that path, since most > users' > mnetd id do not have leading `0' and I might add more problem than > solution :-) > > > >> Finally, if it is possible to remove the leading '0's from mnetid it >> should work as well because then '(mnetid=4311)' would match as string >> as well. >> >> > I think I have the worst IT LDAP team. They will not change there schema > and > remove any leading 0s from mnetid. > > Might be little off-topic, but I am not sure if we could have a ldap sync > all attributes > to a local ldap server minus the mnetid and we populate that with numbers. > Probably > also add more work to address few user accounts with leading 0s > > > bye, >> Sumit >> >> > >> > Appreciate any help >> > >> > >> > >> > >> > On Mar 8, 2018 11:29 PM, "Asif Iqbal" wrote: >> > >> > >> > >> > On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek >> wrote: >> > >> > > I think the next good step would be to show the LDIF and logs of a >> > > resolution of a single faulty entry, e.g. 80974 which you used >> earlier as >> > > an example of an entry that doesn’t work. >> > > >> > >> > Here are some logs for this account >> > >> > dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com >> > mnetid: 004311 >> > >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] >> [dp_get_account_info_handler] >> > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] >> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= >> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= >> > mnet,dc=qintra,dc=com]. >> > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] >> > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table >> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] >> [dp_get_account_info_handler] >> > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] >> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] >> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= >> > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= >> > People,dc=mnet,dc=qintra,dc=com]. >> > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] >> > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table >> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] >> [dp_get_account_info_handler] >> > (0x0200): Got request for [0x1][BE_REQ_USER][name=4311@ldap] >> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] >> > (0x0400): calling ldap_search_ext with [(&(uid=4311)(objectclass= >> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= >> > mnet,dc=qintra,dc=com]. >> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] >> > (0x0400): Removing [0:1:0x0001:1::LDAP:name=4311@ldap] from reply table >> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] >> [dp_get_account_info_handler] >> > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] >> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] >> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= >> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= >> > mnet,dc=qintra,dc=com]. >> > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] >> > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table >> > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] >> [dp_g
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose wrote: > On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote: > > I still like some help with any workaround in dealing with string. > > > > IT LDAP team do not have any attribute value with real number. Is it > > possible to create a local DB to map the mnetid to a real number and then > > use that table as a reference for ID mapping? I am not sure if this > > discussion should be in developer mailing list. > > You might want to try local overrides, see man sss_override for details. > > As an alternative you might want to try to enable enumeration. After the > initial enumeration run is done all users and groups are already in > SSSD's cache and lookups by id should work. But I'm not sure if > enumeration can handle you setup where user and groups are defined by > the same LDAP object. > > Finally, if it is possible to remove the leading '0's from mnetid it > should work as well because then '(mnetid=4311)' would match as string > as well. > So on a tangent from my original question I got a response from IT saying "It seems like you are trying to use a value for something it was never meant to be used for" They are referring to mnetid. As you can see there is huge reluctance in helping. to fix this issue. > bye, > Sumit > > > > > Appreciate any help > > > > > > > > > > On Mar 8, 2018 11:29 PM, "Asif Iqbal" wrote: > > > > > > > > On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek > wrote: > > > > > I think the next good step would be to show the LDIF and logs of a > > > resolution of a single faulty entry, e.g. 80974 which you used earlier > as > > > an example of an entry that doesn’t work. > > > > > > > Here are some logs for this account > > > > dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com > > mnetid: 004311 > > > > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] > > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= > > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > > mnet,dc=qintra,dc=com]. > > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table > > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] > > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= > > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= > > People,dc=mnet,dc=qintra,dc=com]. > > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > > (0x0200): Got request for [0x1][BE_REQ_USER][name=4311@ldap] > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > > (0x0400): calling ldap_search_ext with [(&(uid=4311)(objectclass= > > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > > mnet,dc=qintra,dc=com]. > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > > (0x0400): Removing [0:1:0x0001:1::LDAP:name=4311@ldap] from reply table > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= > > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > > mnet,dc=qintra,dc=com]. > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table > > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] > > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= > > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= > > People,dc=mnet,dc=qintra,dc=com]. > > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table > > (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] > > (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= > > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= > > People,dc=mnet,dc=qintra,dc=com]. > > (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > > (0x0400): Removing [0:1:0x0001:2::LDAP:idnum
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose wrote: > On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote: > > I still like some help with any workaround in dealing with string. > > > > IT LDAP team do not have any attribute value with real number. Is it > > possible to create a local DB to map the mnetid to a real number and then > > use that table as a reference for ID mapping? I am not sure if this > > discussion should be in developer mailing list. > > You might want to try local overrides, see man sss_override for details. > Let me read up on it real quick and explore that. What should I be looking for? How to override mnetid attribute value type from string to integer? > As an alternative you might want to try to enable enumeration. After the > initial enumeration run is done all users and groups are already in > SSSD's cache and lookups by id should work. But I'm not sure if > enumeration can handle you setup where user and groups are defined by > the same LDAP object. > > During initial setup, before this server was in production, I tried enumeration on and I think login were failing and it was doing ldap query for 2500 users and almost was not responding. So kind of risky to go that path, since most users' mnetd id do not have leading `0' and I might add more problem than solution :-) > Finally, if it is possible to remove the leading '0's from mnetid it > should work as well because then '(mnetid=4311)' would match as string > as well. > > I think I have the worst IT LDAP team. They will not change there schema and remove any leading 0s from mnetid. Might be little off-topic, but I am not sure if we could have a ldap sync all attributes to a local ldap server minus the mnetid and we populate that with numbers. Probably also add more work to address few user accounts with leading 0s bye, > Sumit > > > > > Appreciate any help > > > > > > > > > > On Mar 8, 2018 11:29 PM, "Asif Iqbal" wrote: > > > > > > > > On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek > wrote: > > > > > I think the next good step would be to show the LDIF and logs of a > > > resolution of a single faulty entry, e.g. 80974 which you used earlier > as > > > an example of an entry that doesn’t work. > > > > > > > Here are some logs for this account > > > > dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com > > mnetid: 004311 > > > > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] > > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= > > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > > mnet,dc=qintra,dc=com]. > > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table > > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] > > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= > > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= > > People,dc=mnet,dc=qintra,dc=com]. > > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > > (0x0200): Got request for [0x1][BE_REQ_USER][name=4311@ldap] > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > > (0x0400): calling ldap_search_ext with [(&(uid=4311)(objectclass= > > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > > mnet,dc=qintra,dc=com]. > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > > (0x0400): Removing [0:1:0x0001:1::LDAP:name=4311@ldap] from reply table > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= > > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > > mnet,dc=qintra,dc=com]. > > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table > > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] > > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= > > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= > > People,dc=mnet,dc=qintra,dc=com]. > > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > > (0x0400): Removing [0:1:0x
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote: > I still like some help with any workaround in dealing with string. > > IT LDAP team do not have any attribute value with real number. Is it > possible to create a local DB to map the mnetid to a real number and then > use that table as a reference for ID mapping? I am not sure if this > discussion should be in developer mailing list. You might want to try local overrides, see man sss_override for details. As an alternative you might want to try to enable enumeration. After the initial enumeration run is done all users and groups are already in SSSD's cache and lookups by id should work. But I'm not sure if enumeration can handle you setup where user and groups are defined by the same LDAP object. Finally, if it is possible to remove the leading '0's from mnetid it should work as well because then '(mnetid=4311)' would match as string as well. bye, Sumit > > Appreciate any help > > > > > On Mar 8, 2018 11:29 PM, "Asif Iqbal" wrote: > > > > On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek wrote: > > > I think the next good step would be to show the LDIF and logs of a > > resolution of a single faulty entry, e.g. 80974 which you used earlier as > > an example of an entry that doesn’t work. > > > > Here are some logs for this account > > dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com > mnetid: 004311 > > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > mnet,dc=qintra,dc=com]. > (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= > People,dc=mnet,dc=qintra,dc=com]. > (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > (0x0200): Got request for [0x1][BE_REQ_USER][name=4311@ldap] > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > (0x0400): calling ldap_search_ext with [(&(uid=4311)(objectclass= > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > mnet,dc=qintra,dc=com]. > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > (0x0400): Removing [0:1:0x0001:1::LDAP:name=4311@ldap] from reply table > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= > mnet,dc=qintra,dc=com]. > (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= > People,dc=mnet,dc=qintra,dc=com]. > (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table > (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] > (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= > People,dc=mnet,dc=qintra,dc=com]. > (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table > > > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input ID: > 4311 > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_send] (0x0400): CR > #913574: Looking up UID:4311@LDAP > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_ncache] (0x0400): > CR #913574: Checking negative cache for [UID:4311@LDAP] > (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_ncache] (0x0400): > CR #913574: [UID:4311@LDAP] is not present in negative
[SSSD-users] Re: Experiencing a bug on users' name and ID
I still like some help with any workaround in dealing with string. IT LDAP team do not have any attribute value with real number. Is it possible to create a local DB to map the mnetid to a real number and then use that table as a reference for ID mapping? I am not sure if this discussion should be in developer mailing list. Appreciate any help On Mar 8, 2018 11:29 PM, "Asif Iqbal" wrote: On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek wrote: > I think the next good step would be to show the LDIF and logs of a > resolution of a single faulty entry, e.g. 80974 which you used earlier as > an example of an entry that doesn’t work. > Here are some logs for this account dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com mnetid: 004311 (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= mnet,dc=qintra,dc=com]. (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= People,dc=mnet,dc=qintra,dc=com]. (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][name=4311@ldap] (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=4311)(objectclass= mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= mnet,dc=qintra,dc=com]. (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1::LDAP:name=4311@ldap] from reply table (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass= mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc= mnet,dc=qintra,dc=com]. (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= People,dc=mnet,dc=qintra,dc=com]. (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass= inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou= People,dc=mnet,dc=qintra,dc=com]. (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table (Thu Mar 8 22:10:22 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input ID: 4311 (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_send] (0x0400): CR #913574: Looking up UID:4311@LDAP (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #913574: Checking negative cache for [UID:4311@LDAP] (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #913574: [UID:4311@LDAP] is not present in negative cache (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache] (0x0400): CR #913574: Looking up [UID:4311@LDAP] in cache (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache] (0x0400): CR #913574: Object [UID:4311@LDAP] was not found in cache (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_dp] (0x0400): CR #913574: Looking up [UID:4311@LDAP] in data provider (Thu Mar 8 22:10:22 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x5641be284b10:1:4311@LDAP] (Thu Mar 8 22:10:22 2018) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [LDAP][0x1][BE_REQ_USER][idnumber=4311:-] (Thu Mar 8 22:10:22 2018) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x5641be284b10:1:4311@LDAP]
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek wrote: > I think the next good step would be to show the LDIF and logs of a > resolution of a single faulty entry, e.g. 80974 which you used earlier as > an example of an entry that doesn’t work. > Here are some logs for this account dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com mnetid: 004311 (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass=mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc=mnet,dc=qintra,dc=com]. (Thu Mar 8 22:10:22 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass=inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc=mnet,dc=qintra,dc=com]. (Thu Mar 8 22:10:29 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][name=4311@ldap] (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=4311)(objectclass=mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc=mnet,dc=qintra,dc=com]. (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1::LDAP:name=4311@ldap] from reply table (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311] (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass=mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc=mnet,dc=qintra,dc=com]. (Thu Mar 8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass=inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc=mnet,dc=qintra,dc=com]. (Thu Mar 8 22:11:38 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler] (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311] (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass=inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0][ou=People,dc=mnet,dc=qintra,dc=com]. (Thu Mar 8 22:12:00 2018) [sssd[be[LDAP]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table (Thu Mar 8 22:10:22 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input ID: 4311 (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_send] (0x0400): CR #913574: Looking up UID:4311@LDAP (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #913574: Checking negative cache for [UID:4311@LDAP] (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_ncache] (0x0400): CR #913574: [UID:4311@LDAP] is not present in negative cache (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache] (0x0400): CR #913574: Looking up [UID:4311@LDAP] in cache (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache] (0x0400): CR #913574: Object [UID:4311@LDAP] was not found in cache (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_dp] (0x0400): CR #913574: Looking up [UID:4311@LDAP] in data provider (Thu Mar 8 22:10:22 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x5641be284b10:1:4311@LDAP] (Thu Mar 8 22:10:22 2018) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [LDAP][0x1][BE_REQ_USER][idnumber=4311:-] (Thu Mar 8 22:10:22 2018) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x5641be284b10:1:4311@LDAP] (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache] (0x0400): CR #913574: Looking up [UID:4311@LDAP] in cache (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache] (0x0400): CR #913574: Object [UID:4311@LDAP] was not found in cache (Thu Mar 8 22:10:22 2018) [sssd[nss]] [cache_req_global_ncache_add] (0x0400): CR #913574: Adding [UID:4311@LDAP] to global negative cache (Thu Mar 8 22:10:2
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Thu, Mar 8, 2018 at 5:25 PM, Asif Iqbal wrote: > > > On Thu, Mar 1, 2018 at 4:12 AM, Sumit Bose wrote: > >> On Wed, Feb 28, 2018 at 10:27:20PM +0100, Jakub Hrozek wrote: >> > I think the next good step would be to show the LDIF and logs of a >> resolution of a single faulty entry, e.g. 80974 which you used earlier as >> an example of an entry that doesn’t work. >> >> I would expect the lookups by UID or GID do not work. Does >> >> getent passwd 80974 >> >> or >> >> getent group 80974 >> > > Yes you are correct.. > > > $ getent passwd 4311 > > $ getent group 4311 > > $ id 4311 > id: 4311: no such user > > $ ls -ld /home/mwvande > drwx--. 33 4311 4311 4096 Feb 20 19:12 /home/mwvande > > $ getent passwd mwvande > mwvande:*:4311:4311:mwvande:/home/mwvande:/bin/bash > > $ getent group mwvande > mwvande:*:4311: > > $ id 4311 > uid=4311(mwvande) gid=4311(mwvande) groups=4311(mwvande),100(users) > > $ ls -ld /home/mwvande > drwx--. 33 mwvande mwvande 4096 Feb 20 19:12 /home/mwvande > > > Yes it is treating as text. > > $ ldsmnetid 4311 uid > (empty) > > $ ldsmnetid 004311 uid > dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com > uid: mwvande > > $ cat ldsmnetid > > ldapsearch -LLL -x -D $_binddn -y $_pass -z $_max -l $_timeout -s one > "(&(objectClass=mnetPerson)(mnetid=$param))" "$@" > > That sucks.. Trying to find out which LDAP attribute is integer. Waiting > for a response from IT LDAP team. Any other workaround? > It looks like employeenumber is also a string. I guess need another solution then. > > >> return anything with an empty cache? >> >> > > objectClass: organizationalPerson >> > > objectClass: inetOrgPerson >> > > objectClass: mnetPerson >> > > mnetid: 080974 >> > > uid: mbniels >> >> What is the schema definition of mnetid on the LDAP server? Since it is >> starting with a '0' I would expect that it is using some string syntax >> and is not an integer from the LDAP schema point of view. >> >> SSSD treats the UID and GID as numerical values and expects that the >> LDAP server treats them as numerical values as well as defined in >> RFC2307/RFC2307bis. So a part of the search filter will be >> (mnetid=80974). But if mnetid is defined as string in the schema then >> the attribute >> >> > > mnetid: 080974 >> >> will not match the search filter because from the string-comparison >> perspective the leading '0' is missing in the search filter. >> >> If the user or group is looked up by name first SSSD will write the >> proper numerical value 80974 into is cache. But if the cached entry is >> expired and a search by UID or GID is processed next the cached entry >> will be removed because there is no matching entry found on the server >> and SSSD has to assume that it was removed on the server. >> >> To get around this the proper solution would be to use an integer >> attribute for the UID/GID on the LDAP server. I cannot tell how easy it >> would be in your environment to change the schema definition of mnetid >> (since the attribute already exists I guess you have to dump the >> content, change the schema and freshly import all data). Additionally I >> cannot tell if other applications might depend on the leading '0' in >> mnetid. So I guess the most easy short term solution would be to add a >> new integer attribute and sync this attribute with the numerical value >> from mnetid. >> >> HTH >> >> bye, >> Sumit >> >> > >> > > On 28 Feb 2018, at 01:30, Asif Iqbal wrote: >> > > >> > > >> > > >> > > On Tue, Feb 27, 2018 at 1:12 PM, Asif Iqbal wrote: >> > > >> > > >> > > On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose wrote: >> > > On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote: >> > > > I have 300 out of 3000 users whose /home/ dir shows uid >> and gid >> > > > instead of username and groupname. >> > > > >> > > > It seems to be behaving like a bug >> > > > >> > > > As soon I become a user with `sudo su - username' the uid of the >> home dir >> > > > changes to username but gid still does not change to groupname. >> > > > >> > > > I also get an error message, but still successfully become that user >> > > > >> > > > $ ls -ld /home/mbniels >> > > > drwx--. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels >> > > > >> > > > $ su - mbniels >> > > > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39 >> > > > /usr/bin/id: cannot find name for group ID 80974 >> > > > groups: cannot find name for group ID 80974 >> > > > >> > > > $ ls -ld /home/mbniels >> > > > drwx--. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels >> > > > >> > > > Then to check the groups of username I get another error which then >> gets >> > > > cleared by next command. >> > > > >> > > > $ groups mbniels >> > > > mbniels : groups: cannot find name for group ID 80974 >> > > > 80974 users >> > > > >> > > > $ getent group mbniels >> > > > mbniels:*:80974 >> > > > >> > > > $ groups mbniels >> > > > mbniels : mbniels users >> > > > >> > > > It also fixes the gid to groupname >> > > > >> > > > $ ls -ld /hom
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Thu, Mar 1, 2018 at 4:12 AM, Sumit Bose wrote: > On Wed, Feb 28, 2018 at 10:27:20PM +0100, Jakub Hrozek wrote: > > I think the next good step would be to show the LDIF and logs of a > resolution of a single faulty entry, e.g. 80974 which you used earlier as > an example of an entry that doesn’t work. > > I would expect the lookups by UID or GID do not work. Does > > getent passwd 80974 > > or > > getent group 80974 > Yes you are correct.. $ getent passwd 4311 $ getent group 4311 $ id 4311 id: 4311: no such user $ ls -ld /home/mwvande drwx--. 33 4311 4311 4096 Feb 20 19:12 /home/mwvande $ getent passwd mwvande mwvande:*:4311:4311:mwvande:/home/mwvande:/bin/bash $ getent group mwvande mwvande:*:4311: $ id 4311 uid=4311(mwvande) gid=4311(mwvande) groups=4311(mwvande),100(users) $ ls -ld /home/mwvande drwx--. 33 mwvande mwvande 4096 Feb 20 19:12 /home/mwvande Yes it is treating as text. $ ldsmnetid 4311 uid (empty) $ ldsmnetid 004311 uid dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com uid: mwvande $ cat ldsmnetid ldapsearch -LLL -x -D $_binddn -y $_pass -z $_max -l $_timeout -s one "(&(objectClass=mnetPerson)(mnetid=$param))" "$@" That sucks.. Trying to find out which LDAP attribute is integer. Waiting for a response from IT LDAP team. Any other workaround? > return anything with an empty cache? > > > > objectClass: organizationalPerson > > > objectClass: inetOrgPerson > > > objectClass: mnetPerson > > > mnetid: 080974 > > > uid: mbniels > > What is the schema definition of mnetid on the LDAP server? Since it is > starting with a '0' I would expect that it is using some string syntax > and is not an integer from the LDAP schema point of view. > > SSSD treats the UID and GID as numerical values and expects that the > LDAP server treats them as numerical values as well as defined in > RFC2307/RFC2307bis. So a part of the search filter will be > (mnetid=80974). But if mnetid is defined as string in the schema then > the attribute > > > > mnetid: 080974 > > will not match the search filter because from the string-comparison > perspective the leading '0' is missing in the search filter. > > If the user or group is looked up by name first SSSD will write the > proper numerical value 80974 into is cache. But if the cached entry is > expired and a search by UID or GID is processed next the cached entry > will be removed because there is no matching entry found on the server > and SSSD has to assume that it was removed on the server. > > To get around this the proper solution would be to use an integer > attribute for the UID/GID on the LDAP server. I cannot tell how easy it > would be in your environment to change the schema definition of mnetid > (since the attribute already exists I guess you have to dump the > content, change the schema and freshly import all data). Additionally I > cannot tell if other applications might depend on the leading '0' in > mnetid. So I guess the most easy short term solution would be to add a > new integer attribute and sync this attribute with the numerical value > from mnetid. > > HTH > > bye, > Sumit > > > > > > On 28 Feb 2018, at 01:30, Asif Iqbal wrote: > > > > > > > > > > > > On Tue, Feb 27, 2018 at 1:12 PM, Asif Iqbal wrote: > > > > > > > > > On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose wrote: > > > On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote: > > > > I have 300 out of 3000 users whose /home/ dir shows uid > and gid > > > > instead of username and groupname. > > > > > > > > It seems to be behaving like a bug > > > > > > > > As soon I become a user with `sudo su - username' the uid of the > home dir > > > > changes to username but gid still does not change to groupname. > > > > > > > > I also get an error message, but still successfully become that user > > > > > > > > $ ls -ld /home/mbniels > > > > drwx--. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels > > > > > > > > $ su - mbniels > > > > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39 > > > > /usr/bin/id: cannot find name for group ID 80974 > > > > groups: cannot find name for group ID 80974 > > > > > > > > $ ls -ld /home/mbniels > > > > drwx--. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels > > > > > > > > Then to check the groups of username I get another error which then > gets > > > > cleared by next command. > > > > > > > > $ groups mbniels > > > > mbniels : groups: cannot find name for group ID 80974 > > > > 80974 users > > > > > > > > $ getent group mbniels > > > > mbniels:*:80974 > > > > > > > > $ groups mbniels > > > > mbniels : mbniels users > > > > > > > > It also fixes the gid to groupname > > > > > > > > $ ls -ld /home/mbniels/ > > > > drwx--. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/ > > > > > > > > I noticed it reverts after may be within half an hour, not exact > sure when. > > > > Almost behaves like `quantum entanglement'. > > > > As soon as I try to check by trying to become that user the issue > > > > disappears. > > >
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Wed, Feb 28, 2018 at 10:27:20PM +0100, Jakub Hrozek wrote: > I think the next good step would be to show the LDIF and logs of a resolution > of a single faulty entry, e.g. 80974 which you used earlier as an example of > an entry that doesn’t work. I would expect the lookups by UID or GID do not work. Does getent passwd 80974 or getent group 80974 return anything with an empty cache? > > objectClass: organizationalPerson > > objectClass: inetOrgPerson > > objectClass: mnetPerson > > mnetid: 080974 > > uid: mbniels What is the schema definition of mnetid on the LDAP server? Since it is starting with a '0' I would expect that it is using some string syntax and is not an integer from the LDAP schema point of view. SSSD treats the UID and GID as numerical values and expects that the LDAP server treats them as numerical values as well as defined in RFC2307/RFC2307bis. So a part of the search filter will be (mnetid=80974). But if mnetid is defined as string in the schema then the attribute > > mnetid: 080974 will not match the search filter because from the string-comparison perspective the leading '0' is missing in the search filter. If the user or group is looked up by name first SSSD will write the proper numerical value 80974 into is cache. But if the cached entry is expired and a search by UID or GID is processed next the cached entry will be removed because there is no matching entry found on the server and SSSD has to assume that it was removed on the server. To get around this the proper solution would be to use an integer attribute for the UID/GID on the LDAP server. I cannot tell how easy it would be in your environment to change the schema definition of mnetid (since the attribute already exists I guess you have to dump the content, change the schema and freshly import all data). Additionally I cannot tell if other applications might depend on the leading '0' in mnetid. So I guess the most easy short term solution would be to add a new integer attribute and sync this attribute with the numerical value from mnetid. HTH bye, Sumit > > > On 28 Feb 2018, at 01:30, Asif Iqbal wrote: > > > > > > > > On Tue, Feb 27, 2018 at 1:12 PM, Asif Iqbal wrote: > > > > > > On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose wrote: > > On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote: > > > I have 300 out of 3000 users whose /home/ dir shows uid and gid > > > instead of username and groupname. > > > > > > It seems to be behaving like a bug > > > > > > As soon I become a user with `sudo su - username' the uid of the home dir > > > changes to username but gid still does not change to groupname. > > > > > > I also get an error message, but still successfully become that user > > > > > > $ ls -ld /home/mbniels > > > drwx--. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels > > > > > > $ su - mbniels > > > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39 > > > /usr/bin/id: cannot find name for group ID 80974 > > > groups: cannot find name for group ID 80974 > > > > > > $ ls -ld /home/mbniels > > > drwx--. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels > > > > > > Then to check the groups of username I get another error which then gets > > > cleared by next command. > > > > > > $ groups mbniels > > > mbniels : groups: cannot find name for group ID 80974 > > > 80974 users > > > > > > $ getent group mbniels > > > mbniels:*:80974 > > > > > > $ groups mbniels > > > mbniels : mbniels users > > > > > > It also fixes the gid to groupname > > > > > > $ ls -ld /home/mbniels/ > > > drwx--. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/ > > > > > > I noticed it reverts after may be within half an hour, not exact sure > > > when. > > > Almost behaves like `quantum entanglement'. > > > As soon as I try to check by trying to become that user the issue > > > disappears. > > > > > > This is not just cosmetic issue, when the home dir shows ownership with > > > uid, instead of username, the user fails some commands. > > > > > > We just started noticing today, since we just built this box and only few > > > months ago and users are being invited to start using this server > > > > > > Some annoying error it is showing like below and user then fails to ssh > > > > > > $ ssh remote > > > No user exists for uid 80974 > > > > > > I am using centos 7 and sssd 1.15.2 > > > > > > $ cat /etc/redhat-release > > > CentOS Linux release 7.4.1708 (Core) > > > > > > $ sssd --version > > > 1.15.2 > > > > > > Here are some relevant logs > > > https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA > > > > It looks like you are not using a plain RFC2307bis LDAP schema. Can you > > send you sssd.conf and a typical LDAP user and group object? > > > > bye, > > Sumit > > > > > > Here is an ldap user and I using same info as group (sanitized) > > > > dn: uid=mbniels,ou=People,dc=example,dc=com > > roomNumber: 123456 > > departmentNumber: 3.11.3 > > tier1: Technology > > joblevel: 6 > > leg
[SSSD-users] Re: Experiencing a bug on users' name and ID
I think the next good step would be to show the LDIF and logs of a resolution of a single faulty entry, e.g. 80974 which you used earlier as an example of an entry that doesn’t work. > On 28 Feb 2018, at 01:30, Asif Iqbal wrote: > > > > On Tue, Feb 27, 2018 at 1:12 PM, Asif Iqbal wrote: > > > On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose wrote: > On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote: > > I have 300 out of 3000 users whose /home/ dir shows uid and gid > > instead of username and groupname. > > > > It seems to be behaving like a bug > > > > As soon I become a user with `sudo su - username' the uid of the home dir > > changes to username but gid still does not change to groupname. > > > > I also get an error message, but still successfully become that user > > > > $ ls -ld /home/mbniels > > drwx--. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels > > > > $ su - mbniels > > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39 > > /usr/bin/id: cannot find name for group ID 80974 > > groups: cannot find name for group ID 80974 > > > > $ ls -ld /home/mbniels > > drwx--. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels > > > > Then to check the groups of username I get another error which then gets > > cleared by next command. > > > > $ groups mbniels > > mbniels : groups: cannot find name for group ID 80974 > > 80974 users > > > > $ getent group mbniels > > mbniels:*:80974 > > > > $ groups mbniels > > mbniels : mbniels users > > > > It also fixes the gid to groupname > > > > $ ls -ld /home/mbniels/ > > drwx--. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/ > > > > I noticed it reverts after may be within half an hour, not exact sure when. > > Almost behaves like `quantum entanglement'. > > As soon as I try to check by trying to become that user the issue > > disappears. > > > > This is not just cosmetic issue, when the home dir shows ownership with > > uid, instead of username, the user fails some commands. > > > > We just started noticing today, since we just built this box and only few > > months ago and users are being invited to start using this server > > > > Some annoying error it is showing like below and user then fails to ssh > > > > $ ssh remote > > No user exists for uid 80974 > > > > I am using centos 7 and sssd 1.15.2 > > > > $ cat /etc/redhat-release > > CentOS Linux release 7.4.1708 (Core) > > > > $ sssd --version > > 1.15.2 > > > > Here are some relevant logs > > https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA > > It looks like you are not using a plain RFC2307bis LDAP schema. Can you > send you sssd.conf and a typical LDAP user and group object? > > bye, > Sumit > > > Here is an ldap user and I using same info as group (sanitized) > > dn: uid=mbniels,ou=People,dc=example,dc=com > roomNumber: 123456 > departmentNumber: 3.11.3 > tier1: Technology > joblevel: 6 > legacycompany: G > mobile: +11234567890 > manager: uid=managerid,ou=People,dc=example,dc=com > departmentname: TESTING & INTEG > costcenter: S0019751 > companynumber: S001 > companyname: EXAMPLE COMPANY > displayName: FOO, BAR > preferredname: Mark > docshareaccess: TRUE > sAMAccountName: mbniels > l: XX > street: 123 example ave > saploginid: foobar > title: LEAD ARCHITECT > postalCode: 123456 > employeeNumber: 00112233 > mail: foo@example.com > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: mnetPerson > mnetid: 080974 > uid: mbniels > givenName: Mark > st: XX > cn: Foo Bar > sn: Bar > employeeType: Management > initials: X > nationnumber: USA > nationname: United States > > > > I am still looking for some help on this. > > > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > ___ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Tue, Feb 27, 2018 at 1:12 PM, Asif Iqbal wrote: > > > On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose wrote: > >> On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote: >> > I have 300 out of 3000 users whose /home/ dir shows uid and >> gid >> > instead of username and groupname. >> > >> > It seems to be behaving like a bug >> > >> > As soon I become a user with `sudo su - username' the uid of the home >> dir >> > changes to username but gid still does not change to groupname. >> > >> > I also get an error message, but still successfully become that user >> > >> > $ ls -ld /home/mbniels >> > drwx--. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels >> > >> > $ su - mbniels >> > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39 >> > /usr/bin/id: cannot find name for group ID 80974 >> > groups: cannot find name for group ID 80974 >> > >> > $ ls -ld /home/mbniels >> > drwx--. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels >> > >> > Then to check the groups of username I get another error which then gets >> > cleared by next command. >> > >> > $ groups mbniels >> > mbniels : groups: cannot find name for group ID 80974 >> > 80974 users >> > >> > $ getent group mbniels >> > mbniels:*:80974 >> > >> > $ groups mbniels >> > mbniels : mbniels users >> > >> > It also fixes the gid to groupname >> > >> > $ ls -ld /home/mbniels/ >> > drwx--. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/ >> > >> > I noticed it reverts after may be within half an hour, not exact sure >> when. >> > Almost behaves like `quantum entanglement'. >> > As soon as I try to check by trying to become that user the issue >> > disappears. >> > >> > This is not just cosmetic issue, when the home dir shows ownership with >> > uid, instead of username, the user fails some commands. >> > >> > We just started noticing today, since we just built this box and only >> few >> > months ago and users are being invited to start using this server >> > >> > Some annoying error it is showing like below and user then fails to ssh >> > >> > $ ssh remote >> > No user exists for uid 80974 >> > >> > I am using centos 7 and sssd 1.15.2 >> > >> > $ cat /etc/redhat-release >> > CentOS Linux release 7.4.1708 (Core) >> > >> > $ sssd --version >> > 1.15.2 >> > >> > Here are some relevant logs >> > https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA >> >> It looks like you are not using a plain RFC2307bis LDAP schema. Can you >> send you sssd.conf and a typical LDAP user and group object? >> >> bye, >> Sumit >> > > > Here is an ldap user and I using same info as group (sanitized) > > dn: uid=mbniels,ou=People,dc=example,dc=com > roomNumber: 123456 > departmentNumber: 3.11.3 > tier1: Technology > joblevel: 6 > legacycompany: G > mobile: +11234567890 > manager: uid=managerid,ou=People,dc=example,dc=com > departmentname: TESTING & INTEG > costcenter: S0019751 > companynumber: S001 > companyname: EXAMPLE COMPANY > displayName: FOO, BAR > preferredname: Mark > docshareaccess: TRUE > sAMAccountName: mbniels > l: XX > street: 123 example ave > saploginid: foobar > title: LEAD ARCHITECT > postalCode: 123456 > employeeNumber: 00112233 > mail: foo@example.com > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: mnetPerson > mnetid: 080974 > uid: mbniels > givenName: Mark > st: XX > cn: Foo Bar > sn: Bar > employeeType: Management > initials: X > nationnumber: USA > nationname: United States > > >> I am still looking for some help on this. -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose wrote: > On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote: > > I have 300 out of 3000 users whose /home/ dir shows uid and gid > > instead of username and groupname. > > > > It seems to be behaving like a bug > > > > As soon I become a user with `sudo su - username' the uid of the home dir > > changes to username but gid still does not change to groupname. > > > > I also get an error message, but still successfully become that user > > > > $ ls -ld /home/mbniels > > drwx--. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels > > > > $ su - mbniels > > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39 > > /usr/bin/id: cannot find name for group ID 80974 > > groups: cannot find name for group ID 80974 > > > > $ ls -ld /home/mbniels > > drwx--. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels > > > > Then to check the groups of username I get another error which then gets > > cleared by next command. > > > > $ groups mbniels > > mbniels : groups: cannot find name for group ID 80974 > > 80974 users > > > > $ getent group mbniels > > mbniels:*:80974 > > > > $ groups mbniels > > mbniels : mbniels users > > > > It also fixes the gid to groupname > > > > $ ls -ld /home/mbniels/ > > drwx--. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/ > > > > I noticed it reverts after may be within half an hour, not exact sure > when. > > Almost behaves like `quantum entanglement'. > > As soon as I try to check by trying to become that user the issue > > disappears. > > > > This is not just cosmetic issue, when the home dir shows ownership with > > uid, instead of username, the user fails some commands. > > > > We just started noticing today, since we just built this box and only few > > months ago and users are being invited to start using this server > > > > Some annoying error it is showing like below and user then fails to ssh > > > > $ ssh remote > > No user exists for uid 80974 > > > > I am using centos 7 and sssd 1.15.2 > > > > $ cat /etc/redhat-release > > CentOS Linux release 7.4.1708 (Core) > > > > $ sssd --version > > 1.15.2 > > > > Here are some relevant logs > > https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA > > It looks like you are not using a plain RFC2307bis LDAP schema. Can you > send you sssd.conf and a typical LDAP user and group object? > > bye, > Sumit > Here is an ldap user and I using same info as group (sanitized) dn: uid=mbniels,ou=People,dc=example,dc=com roomNumber: 123456 departmentNumber: 3.11.3 tier1: Technology joblevel: 6 legacycompany: G mobile: +11234567890 manager: uid=managerid,ou=People,dc=example,dc=com departmentname: TESTING & INTEG costcenter: S0019751 companynumber: S001 companyname: EXAMPLE COMPANY displayName: FOO, BAR preferredname: Mark docshareaccess: TRUE sAMAccountName: mbniels l: XX street: 123 example ave saploginid: foobar title: LEAD ARCHITECT postalCode: 123456 employeeNumber: 00112233 mail: foo@example.com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: mnetPerson mnetid: 080974 uid: mbniels givenName: Mark st: XX cn: Foo Bar sn: Bar employeeType: Management initials: X nationnumber: USA nationname: United States > > > > Appreciate any help > > > > > > > > > > -- > > Asif Iqbal > > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > > A: Because it messes up the order in which people normally read text. > > Q: Why is top-posting such a bad thing? > > > ___ > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > ___ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose wrote: > On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote: > > I have 300 out of 3000 users whose /home/ dir shows uid and gid > > instead of username and groupname. > > > > It seems to be behaving like a bug > > > > As soon I become a user with `sudo su - username' the uid of the home dir > > changes to username but gid still does not change to groupname. > > > > I also get an error message, but still successfully become that user > > > > $ ls -ld /home/mbniels > > drwx--. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels > > > > $ su - mbniels > > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39 > > /usr/bin/id: cannot find name for group ID 80974 > > groups: cannot find name for group ID 80974 > > > > $ ls -ld /home/mbniels > > drwx--. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels > > > > Then to check the groups of username I get another error which then gets > > cleared by next command. > > > > $ groups mbniels > > mbniels : groups: cannot find name for group ID 80974 > > 80974 users > > > > $ getent group mbniels > > mbniels:*:80974 > > > > $ groups mbniels > > mbniels : mbniels users > > > > It also fixes the gid to groupname > > > > $ ls -ld /home/mbniels/ > > drwx--. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/ > > > > I noticed it reverts after may be within half an hour, not exact sure > when. > > Almost behaves like `quantum entanglement'. > > As soon as I try to check by trying to become that user the issue > > disappears. > > > > This is not just cosmetic issue, when the home dir shows ownership with > > uid, instead of username, the user fails some commands. > > > > We just started noticing today, since we just built this box and only few > > months ago and users are being invited to start using this server > > > > Some annoying error it is showing like below and user then fails to ssh > > > > $ ssh remote > > No user exists for uid 80974 > > > > I am using centos 7 and sssd 1.15.2 > > > > $ cat /etc/redhat-release > > CentOS Linux release 7.4.1708 (Core) > > > > $ sssd --version > > 1.15.2 > > > > Here are some relevant logs > > https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA > > It looks like you are not using a plain RFC2307bis LDAP schema. Can you > send you sssd.conf and a typical LDAP user and group object? > > bye, > Sumit > > I am using rfc2307bis Here is the sssd.conf (sanitized) [sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services = nss,pam,sudo domains = LDAP [nss] reconnection_retries = 3 filter_groups = root,wheel filter_users = root [pam] reconnection_retries = 3 offline_credentials_expiration = 0 pam_verbosity = 3 [sudo] [domain/LDAP] chpass_provider = ldap access_provider = ldap id_provider = ldap case_sensitive = False ldap_schema = rfc2307bis ldap_search_base = ou=People,dc=example,dc=com ldap_uri = ldaps://192.168.1.100, ldaps://192.168.1.101 ldap_access_order = filter ldap_access_filter = (&(objectClass=mnetPerson)(nationnumber=USA)) ldap_user_uid_number = mnetid ldap_user_gid_number = mnetid ldap_group_gid_number = mnetid ldap_group_object_class = inetOrgPerson ldap_user_object_class = mnetPerson ldap_user_fullname = uid ldap_group_name = uid ldap_network_timeout = 3 ldap_tls_reqcert = allow ldap_tls_cacert = /etc/ssl/certs/hostca.cer ldap_chpass_update_last_change = true ldap_pwd_policy = none ldap_account_expire_policy = none ldap_default_authtok_type = password ldap_default_bind_dn = uid=binduid,ou=people,dc=example,dc=com ldap_default_authtok = secretsanitized auth_provider = ldap krb5_server = 192.168.1.102:88, 192.168.1.103:88 krb5_backup_server = 192.168.1.102 krb5_realm = IT.INTRANET krb5_auth_timeout = 15 cache_credentials = true default_shell = /bin/bash override_homedir = /home/%u > > > Appreciate any help > > > > > > > > > > -- > > Asif Iqbal > > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > > A: Because it messes up the order in which people normally read text. > > Q: Why is top-posting such a bad thing? > > > ___ > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > ___ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
[SSSD-users] Re: Experiencing a bug on users' name and ID
On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote: > I have 300 out of 3000 users whose /home/ dir shows uid and gid > instead of username and groupname. > > It seems to be behaving like a bug > > As soon I become a user with `sudo su - username' the uid of the home dir > changes to username but gid still does not change to groupname. > > I also get an error message, but still successfully become that user > > $ ls -ld /home/mbniels > drwx--. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels > > $ su - mbniels > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39 > /usr/bin/id: cannot find name for group ID 80974 > groups: cannot find name for group ID 80974 > > $ ls -ld /home/mbniels > drwx--. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels > > Then to check the groups of username I get another error which then gets > cleared by next command. > > $ groups mbniels > mbniels : groups: cannot find name for group ID 80974 > 80974 users > > $ getent group mbniels > mbniels:*:80974 > > $ groups mbniels > mbniels : mbniels users > > It also fixes the gid to groupname > > $ ls -ld /home/mbniels/ > drwx--. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/ > > I noticed it reverts after may be within half an hour, not exact sure when. > Almost behaves like `quantum entanglement'. > As soon as I try to check by trying to become that user the issue > disappears. > > This is not just cosmetic issue, when the home dir shows ownership with > uid, instead of username, the user fails some commands. > > We just started noticing today, since we just built this box and only few > months ago and users are being invited to start using this server > > Some annoying error it is showing like below and user then fails to ssh > > $ ssh remote > No user exists for uid 80974 > > I am using centos 7 and sssd 1.15.2 > > $ cat /etc/redhat-release > CentOS Linux release 7.4.1708 (Core) > > $ sssd --version > 1.15.2 > > Here are some relevant logs > https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA It looks like you are not using a plain RFC2307bis LDAP schema. Can you send you sssd.conf and a typical LDAP user and group object? bye, Sumit > > Appreciate any help > > > > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > ___ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org ___ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
