No, it didn't. I'm getting the same issue with or without enabling referrals. The only way to keep the sssd daemon up has been, so far, to disable enumeration (enumerate = false) in the domain config.
---
Christian Tardif
[email protected]
-------------------------

On 2015-01-15 03:41, Lukas Slebodnik wrote:
> On (13/01/15 08:58), Lukas Slebodnik wrote:
>> On (13/01/15 03:43), Christian Tardif wrote:
>>> OK, now I can login. I was using pam_listfile.so module, but the
>>> required group to allow login did not have required posix gid to be
>>> available in the linux box. Now it has. So my main problem is the
>>> inability to use enumerate=true. Not necessarily a big deal, but
>>> maybe worth verifying why, though.
>>
>> I looked at the log file one more time and I found that the crash
>> happened just with enumerating services. It might be caused by the
>> fact that a different LDAP connection tried to be used for services.
>>
>> [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://orion.int.servinfo.test:389/??base] with fd [19].
>> [sdap_get_rootdse_send] (0x4000): Getting rootdse
>> //snip
>> [sdap_get_services_next_base] (0x0400): Searching for services with base [dc=servinfo,dc=test]
>> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectclass=ipService)(cn=*)(ipServicePort=*)(ipServiceProtocol=*))
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServicePort]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipServiceProtocol]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5
>> [sdap_process_result] (0x2000): Trace: sh[0x256a080], connected[1], ops[0x256b430], ldap[0x256a190]
>> [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://servinfo.test/CN=Configuration,DC=servinfo,DC=test] with fd [21]
>> //after few lines
>> [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
>> [remove_connection_callback] (0x4000): Successfully removed connection callback.
>> [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
>> ^^^^^^^^^^^^^ process was restarted
>>
>> I can see in the log file that just the 1st LDAP server should be used.
>> [dp_get_options] (0x0400): Option ldap_uri has value ldap://orion.int.servinfo.test/
>>
>> I may be wrong but it may be caused by LDAP referrals.
>> You can try to disable it in sssd.
>> Put the next line into the domain section of sssd.conf
>> ldap_referrals = false
>
> Christian, did it help to disable referrals?
>
> LS
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
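The manual log reading done in the thread above can be scripted. The following is an added example, not part of the original message or of SSSD: it scans a domain debug log for LDAP connections to hosts outside the configured ldap_uri, for ldap_result errors, and for back-end start markers. The function names and the sample log (constructed from the lines quoted in the thread) are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the debug lines quoted in the thread.
SAMPLE_LOG = """\
[dp_get_options] (0x0400): Option ldap_uri has value ldap://orion.int.servinfo.test/
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://orion.int.servinfo.test:389/??base] with fd [19].
[sdap_get_services_next_base] (0x0400): Searching for services with base [dc=servinfo,dc=test]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://servinfo.test/CN=Configuration,DC=servinfo,DC=test] with fd [21]
[sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
[server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
"""

URI_OPT = re.compile(r"\[dp_get_options\].*Option ldap_uri has value (\S+)")
CONNECT = re.compile(
    r"\[sdap_ldap_connect_callback_add\].*New LDAP connection to \[(\S+?)\] with fd \[\d+\]")
ERROR = re.compile(r"\[sdap_process_result\].*ldap_result error: \[(.+)\]")
# server_setup is logged each time the process starts; one that follows
# an error, as in the thread, indicates the back end was restarted.
RESTART = re.compile(r"\[server_setup\].*CONFDB:")


def host_of(uri):
    """Lower-cased host part of an LDAP URI, without port or DN."""
    return (urlparse(uri).hostname or "").lower()


def analyze(log_text):
    """Return (line_number, kind, detail) tuples for notable events."""
    configured, events = set(), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if m := URI_OPT.search(line):
            # ldap_uri may hold a comma-separated list of servers.
            configured.update(host_of(u) for u in m.group(1).split(","))
        elif m := CONNECT.search(line):
            host = host_of(m.group(1))
            # Only judge connections once the configured hosts are known.
            if configured and host not in configured:
                events.append((lineno, "unexpected_host", host))
        elif m := ERROR.search(line):
            events.append((lineno, "ldap_error", m.group(1)))
        elif RESTART.search(line):
            events.append((lineno, "restart", ""))
    return events


if __name__ == "__main__":
    for event in analyze(SAMPLE_LOG):
        print(event)
```

An `unexpected_host` event only shows that a connection went to a server not listed in ldap_uri; whether referrals caused it still has to be confirmed, for example by comparing runs with and without `ldap_referrals = false`.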
