On (13/01/15 08:58), Lukas Slebodnik wrote: >On (13/01/15 03:43), Christian Tardif wrote: >>OK, now I can login. I was using pam_listfile.so module, but the required >>group to allow login did not have required posix gid to be available in the >>linux box. Now it has. >> >>So my main problem is the unability to use enumerate=true. Not necessarily a >>big deal, but maybe worth verifying why, though. > >I looked to the log file one more time and >I found that crash happend just with enumerating services. > >It might be caused by fact that different LDAP connection tried to be used for >services. > >[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to >[ldap://orion.int.servinfo.test:389/??base] with fd [19]. >[sdap_get_rootdse_send] (0x4000): Getting rootdse > >//snip > >[sdap_get_services_next_base] (0x0400): Searching for services with base >[dc=servinfo,dc=test] >[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with >[(&(objectclass=ipService)(cn=*)(ipServicePort=*)(ipServiceProtocol=*)) > >[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] >[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] >[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServicePort] >[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServiceProtocol] >[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged] >[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5 >[sdap_process_result] (0x2000): Trace: sh[0x256a080], connected[1], >ops[0x256b430], ldap[0x256a190] >[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to >[ldap://servinfo.test/CN=Configuration,DC=servinfo,DC=test] with fd [21] > >//after few lines > >[sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server] >[remove_connection_callback] (0x4000): Successfully removed connection >callback. >[server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb >^^^^^^^^^^^^^ >process was restarted > > >I can see in log file that just 1st LDAP server should be used. >[dp_get_options] (0x0400): Option ldap_uri has value >ldap://orion.int.servinfo.test/ > > >I may be wrong but it may be caused by LDAP referrals. > >You can try to disable it in sssd. >Put next line into domain section of sssd.conf > >ldap_referrals = false > Cristian,
dit it help to disable referrals? LS _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
