On 04/04/2016 08:54 AM, Jakub Hrozek wrote:
> On Mon, Apr 04, 2016 at 02:30:16PM +0200, Lukas Slebodnik wrote:
>> On (04/04/16 13:57), Jakub Hrozek wrote:
>>> Hi,
>>>
>>> I'm looking at a logfile from one sssd installation and I'm wondering if
>>> it's a GPO bug. The relevant part of the logs is:
>>>
>>> [sssd[be[example.com]]] [sdap_parse_entry] (0x1000): OriginalDN:
>>> [cn={BCB10A5A-630C-477E-8E2D-996F06E36DBD},cn=policies,cn=system,DC=example,DC=com].
>>> [sssd[be[example.com]]] [sdap_parse_entry] (0x1000): Entry has no
>>> attributes [0(Success)]!?
>>> [sssd[be[example.com]]] [sdap_get_generic_op_finished] (0x0400): Search
>>> result: Success(0), no errmsg set
>>> [sssd[be[example.com]]] [ad_gpo_sd_process_attrs] (0x0040):
>>> sysdb_attrs_get_string failed: [2](No such file or directory)
>> It can be either attribute "cn" or gPCFileSysPath
>> #define AD_AT_CN "cn"
>> #define AD_AT_FILE_SYS_PATH "gPCFileSysPath"
>
> Yes, unfortunately the two debug messages are the same and I don't have
> more verbose logs at the moment. But also note the message before:
> [sssd[be[example.com]]] [sdap_parse_entry] (0x1000): Entry has no
> attributes [0(Success)]!?
>
> This read to me as if no attributes were downloaded..
> Well, the obvious thing to check would be to perform that actual query and see if the GPO entry is indeed missing content (could be a misconfiguration on the AD side). We only request that entry if we're referred over to it, so if it's incomplete, I think throwing an error is probably the right answer.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
