On Tue, Jan 13, 2015 at 08:58:53AM +0100, Lukas Slebodnik wrote:
> On (13/01/15 03:43), Christian Tardif wrote:
> >OK, now I can login. I was using pam_listfile.so module, but the required
> >group to allow login did not have required posix gid to be available in the
> >linux box. Now it has.
> >
> >So my main problem is the inability to use enumerate=true. Not necessarily a
> >big deal, but maybe worth verifying why, though.
>
> I looked to the log file one more time and
> I found that crash happened just with enumerating services.
>
> It might be caused by fact that different LDAP connection tried to be used for
> services.
>
> [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
> [ldap://orion.int.servinfo.test:389/??base] with fd [19].
> [sdap_get_rootdse_send] (0x4000): Getting rootdse
>
> //snip
>
> [sdap_get_services_next_base] (0x0400): Searching for services with base
> [dc=servinfo,dc=test]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectclass=ipService)(cn=*)(ipServicePort=*)(ipServiceProtocol=*))
>
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServicePort]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServiceProtocol]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5
> [sdap_process_result] (0x2000): Trace: sh[0x256a080], connected[1],
> ops[0x256b430], ldap[0x256a190]
> [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
> [ldap://servinfo.test/CN=Configuration,DC=servinfo,DC=test] with fd [21]
>
> //after few lines
>
> [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
> [remove_connection_callback] (0x4000): Successfully removed connection
> callback.

A core file would help us more here, but I suspect a reconnection caused
some internal structure that was allocated on the connection object to be
released, but then it was reused. Which sssd version is this? IIRC Sumit
patched a similar situation a couple of months ago.

> [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
> ^^^^^^^^^^^^^
> process was restarted
>
>
> I can see in log file that just 1st LDAP server should be used.
> [dp_get_options] (0x0400): Option ldap_uri has value
> ldap://orion.int.servinfo.test/
>
>
> I may be wrong but it may be caused by LDAP referrals.

You can grep the logs for sdap_rebind_proc to be sure.

btw I didn't let the logs through to the list, they were a bit too big for
everyone's mailbox :-)

>
> You can try to disable it in sssd.
> Put next line into domain section of sssd.conf
>
> ldap_referrals = false
>
> LS
> _______________________________________________
> sssd-users mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
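
The log check suggested in this thread, written out as an added example (not code from the thread or from the SSSD project): it compares every new LDAP connection in a domain log against the configured `ldap_uri` and counts `sdap_rebind_proc` lines. The helper names `host_of` and `analyze` are hypothetical, and the parser assumes the line layout shown in the quoted log excerpts.

```python
import re
from urllib.parse import urlparse

# Constructed sample: log lines quoted in the thread, re-joined onto single lines.
SAMPLE_LOG = """\
[dp_get_options] (0x0400): Option ldap_uri has value ldap://orion.int.servinfo.test/
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://orion.int.servinfo.test:389/??base] with fd [19].
[sdap_get_services_next_base] (0x0400): Searching for services with base [dc=servinfo,dc=test]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://servinfo.test/CN=Configuration,DC=servinfo,DC=test] with fd [21]
[sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
[server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
"""

# Unanchored so that any timestamp/process prefix before the function tag is skipped.
TAG = re.compile(r"\[(?P<func>\w+)\] \(0x[0-9a-fA-F]+\): (?P<msg>.*)$")
CONN = re.compile(r"New LDAP connection to \[(?P<uri>[^\]]+)\] with fd \[(?P<fd>\d+)\]")
OPT = re.compile(r"Option ldap_uri has value (?P<val>\S+)")


def host_of(uri):
    """Lower-cased host part of an LDAP URI, or '' if it has none."""
    return (urlparse(uri.strip()).hostname or "").lower()


def analyze(log_text):
    """Summarise referral-related evidence in a domain log (hypothetical helper)."""
    configured, connections, rebinds, startups = set(), [], 0, 0
    for line in log_text.splitlines():
        m = TAG.search(line.strip())
        if not m:
            continue  # wrapped continuation lines, //snip markers, etc.
        func, msg = m["func"], m["msg"]
        if func == "dp_get_options" and (o := OPT.search(msg)):
            # ldap_uri accepts a comma-separated list of servers
            configured.update(h for h in map(host_of, o["val"].split(",")) if h)
        elif func == "sdap_ldap_connect_callback_add" and (c := CONN.search(msg)):
            connections.append((c["uri"], int(c["fd"])))
        elif func == "sdap_rebind_proc":
            rebinds += 1  # the function the thread suggests grepping for
        elif func == "server_setup":
            startups += 1  # in the thread, this line marked the restart
    # Compare only once ldap_uri is known; without it nothing can be judged.
    off_config = [c for c in connections if configured and host_of(c[0]) not in configured]
    return {"configured_hosts": configured, "off_config": off_config,
            "rebinds": rebinds, "startups": startups}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-empty `off_config` list means the back end opened a connection to a server that is not in `ldap_uri`, which is the pattern the `ldap_referrals = false` suggestion targets.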
