On Tue, Jul 15, 2014 at 8:21 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Tue, Jul 15, 2014 at 06:15:43PM +0200, Jakub Hrozek wrote: > > > How to test: > > > libnfsidmap.git comes with a small C code named "libtest.c" which > allows > > > you to directly test the various function from 'struct trans_func'. > > > I modified this code a bit to match our needs (and attached to this > email). > > > compile/link with: > > > gcc -o libtest libtest.c -lnfsidmap > > > > > > run like this: > > > $ ./libtest noam@localdomain 0 users@localdomain 101 > > > > > > expected output: > > > input: user=noam@localdomain uid=0 group=users@localdomain gid=101 > > > nfs4_name_to_uid: username noam@localdomain has uid 1000 > > > nfs4_name_to_gid: username users@localdomain has gid 100 > > > nfs4_uid_to_name: uid 0 has name root@localdomain > > > nfs4_gid_to_name: gid 101 has name libuuid@localdomain > > > > Thank you, I will test using the program so far. > > > > > > > > > > > Unfortunately, I don't have an LDAP environment at the moment to test > it > > > myself. So what you see here is the result of the default idmapd.conf > > > running with the "nss" plugin (going to /etc/passwd ...) > > > > np, I can test with your program. Thanks again. > > btw this worked with a setup where "sss" was not present in the > nsswitch.conf file at all, just sssd was running: > > $ ./libtest ad...@ipa.example.com 1832200001 adm...@ipa.example.com > 1832200002 > input: user=ad...@ipa.example.com uid=1832200001 group= > adm...@ipa.example.com gid=1832200002 > nfs4_name_to_uid: username ad...@ipa.example.com has uid 1832200000 > nfs4_name_to_gid: username adm...@ipa.example.com has gid 1832200000 > nfs4_uid_to_name: uid 1832200001 has name tuser > nfs4_gid_to_name: gid 1832200002 has name editors > $ getent passwd ad...@ipa.example.com > $ echo $? > 2 > > I also checked with strace that the NSS responder socket was being > contacted. So now I know that the plugin does work, great! > Great! Just a small nitpick: "use_fully_qualified_names" is disabled in your SSSD configuration. It can be seen in the id->name replies (no domain suffix). This setting needs to be on (this is specified in the manpage in the other patchset).
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
