On (13/01/15 03:43), Christian Tardif wrote:
>OK, now I can log in. I was using pam_listfile.so module, but the required
>group to allow login did not have required posix gid to be available in the
>linux box. Now it has.
>
>So my main problem is the inability to use enumerate=true. Not necessarily a
>big deal, but maybe worth verifying why, though.

I looked at the log file one more time and I found that the crash happened
just with enumerating services. It might be caused by the fact that a different
LDAP connection was tried for services.

[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://orion.int.servinfo.test:389/??base] with fd [19].
[sdap_get_rootdse_send] (0x4000): Getting rootdse
//snip
[sdap_get_services_next_base] (0x0400): Searching for services with base [dc=servinfo,dc=test]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=ipService)(cn=*)(ipServicePort=*)(ipServiceProtocol=*))
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServicePort]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServiceProtocol]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5
[sdap_process_result] (0x2000): Trace: sh[0x256a080], connected[1], ops[0x256b430], ldap[0x256a190]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://servinfo.test/CN=Configuration,DC=servinfo,DC=test] with fd [21]
//after few lines
[sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
[remove_connection_callback] (0x4000): Successfully removed connection callback.
[server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
^^^^^^^^^^^^^ process was restarted

I can see in the log file that just the 1st LDAP server should be used.

[dp_get_options] (0x0400): Option ldap_uri has value ldap://orion.int.servinfo.test/

I may be wrong, but it may be caused by LDAP referrals. You can try to disable
them in sssd. Put the following line into the domain section of sssd.conf:

    ldap_referrals = false

LS
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
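The check described in the reply above (comparing each new LDAP connection against the configured `ldap_uri`) can be scripted. This is an added example, not part of the original message and not SSSD code; the function names are hypothetical, and the sample lines are constructed from the excerpts quoted in the message and assume that log format.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, modelled on the log excerpts quoted in the message.
SAMPLE_LOG = """\
[dp_get_options] (0x0400): Option ldap_uri has value ldap://orion.int.servinfo.test/
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://orion.int.servinfo.test:389/??base] with fd [19].
[sdap_get_services_next_base] (0x0400): Searching for services with base [dc=servinfo,dc=test]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://servinfo.test/CN=Configuration,DC=servinfo,DC=test] with fd [21]
[sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
"""

OPTION_RE = re.compile(r"\[dp_get_options\].*?Option ldap_uri has value (.+)")
CONNECT_RE = re.compile(
    r"\[sdap_ldap_connect_callback_add\].*?"
    r"New LDAP connection to \[([^\]\s]+)\] with fd \[(\d+)\]"
)


def configured_hosts(log_text):
    """Hosts named in the ldap_uri option as logged at startup."""
    hosts = set()
    for match in OPTION_RE.finditer(log_text):
        # ldap_uri may hold a comma-separated list of servers.
        for uri in match.group(1).split(","):
            host = urlsplit(uri.strip()).hostname
            if host:
                hosts.add(host)
    return hosts


def unexpected_connections(log_text):
    """Return (line, host, uri, fd) for connections to hosts not in ldap_uri."""
    allowed = configured_hosts(log_text)
    if not allowed:
        # Without the option line there is nothing to compare against.
        raise ValueError("no ldap_uri option found in log")
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = CONNECT_RE.search(line)
        if match:
            uri, fd = match.group(1), int(match.group(2))
            host = urlsplit(uri).hostname
            if host not in allowed:
                findings.append((lineno, host, uri, fd))
    return findings


if __name__ == "__main__":
    for lineno, host, uri, fd in unexpected_connections(SAMPLE_LOG):
        print(f"line {lineno}: fd {fd} connected to {host} ({uri})")
```

A connection reported here to a host outside `ldap_uri` is consistent with a followed referral, which is what `ldap_referrals = false` turns off.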
