There are settings in the sssd.conf file that aren't in the ldbsearch output or that have the wrong values in the output:
[root@host ~]# cat /etc/sssd/sssd.conf [domain/domain.com] access_provider = simple ad_domain = domain.com ad_hostname = host.domain.com cache_credentials = true debug_level = 6 default_shell = /bin/bash dyndns_update = false fallback_homedir = /home/%u id_provider = ad krb5_realm = DOMAIN.COM <http://domain.com/> krb5_store_password_if_offline = true ldap_id_mapping = true realmd_tags = manages-system joined-with-adcli simple_allow_groups = Group1 use_fully_qualified_names = false [sssd] config_file_version = 2 domains = domain.com override_space = _ services = nss,pam [root@host ~]# ldbsearch -H /var/lib/sss/db/config.ldb server_sort:Unable to register control with rootdse! # record 1 dn: cn=sssd,cn=config cn: sssd config_file_version: 2 domains: domain.com services: nss, pam distinguishedName: cn=sssd,cn=config # record 2 dn: cn=config version: 2 lastUpdate: 1459260529 distinguishedName: cn=config # record 3 dn: cn=domain.com,cn=domain,cn=config access_provider: ad ad_domain: domain.com cache_credentials: True cn: domain.com default_shell: /bin/bash fallback_homedir: /home/%u@%d id_provider: ad krb5_realm: DOMAIN.COM <http://domain.com/> krb5_store_password_if_offline: True ldap_id_mapping: True realmd_tags: manages-system joined-with-adcli use_fully_qualified_names: True case_sensitive: false distinguishedName: cn=domain.com,cn=domain,cn=config # returned 3 records # 3 entries # 0 referrals On Tue, Mar 29, 2016 at 10:23 AM, Lukas Slebodnik <[email protected]> wrote: > On (29/03/16 09:52), Chadwick Banning wrote: > >I just finally got a pristine test case for doing this and here are the > >results: > > > >[root@host ~]# ls -l /etc/sssd/sssd.conf > > > >-rw------- 1 root root 559 Mar 29 09:29 /etc/sssd/sssd.conf > > > > > >[root@host ~]# ls -l /var/lib/sss/db/config.ldb > > > >-rw------- 1 root root 1286144 Mar 29 09:29 /var/lib/sss/db/config.ldb > > > > > >[root@host ~]# ls --time-style='+%d-%m-%Y %H:%M:%S' -l > /etc/sssd/sssd.conf > > > >-rw------- 1 root root 559 29-03-2016 09:29:58 /etc/sssd/sssd.conf > > > > > >[root@host ~]# ls --time-style='+%d-%m-%Y %H:%M:%S' -l > >/var/lib/sss/db/config.ldb > > > >-rw------- 1 root root 1286144 29-03-2016 09:29:59 > >/var/lib/sss/db/config.ldb > > > > > >These times make sense as the sssd.conf file was put into place and then > >the service restarted and the config.ldb built. From /var/log/messages: > > > > > >Mar 29 09:29:58 localhost puppet-agent[2865]: (/Stage[main]/Realmd::Sssd:: > >Config/File[/etc/sssd/sssd.conf]/content) content changed '{md5} > >4b5234cb037adcfb49887c0616773efb' to > '{md5}30e2784e49079c59193eeeae21d48c65' > > > >Mar 29 09:29:58 localhost puppet-agent[2865]: > (Class[Realmd::Sssd::Config]) > >Scheduling refresh of Class[Realmd::Sssd::Service] > > > >Mar 29 09:29:58 localhost puppet-agent[2865]: > >(Class[Realmd::Sssd::Service]) Scheduling refresh of Service[sssd] > > > >Mar 29 09:29:58 localhost systemd: Stopping System Security Services > >Daemon... > > > >Mar 29 09:29:58 localhost sssd[nss]: Shutting down > > > >Mar 29 09:29:58 localhost sssd[be[domain.com]]: Shutting down > > > >Mar 29 09:29:58 localhost sssd[pam]: Shutting down > > > >Mar 29 09:29:58 localhost systemd: Starting System Security Services > >Daemon... > > > >Mar 29 09:29:58 localhost sssd: Starting up > > > >Mar 29 09:29:58 localhost sssd[be[domain.com]]: Starting up > > > >Mar 29 09:29:59 localhost sssd[nss]: Starting up > > > >Mar 29 09:29:59 localhost sssd[pam]: Starting up > > > >Mar 29 09:29:59 localhost systemd: Started System Security Services > Daemon. > > > > > >At the point of restart shouldn't it have seen the updated time on > >sssd.conf and rebuilt config.ldb? > > > It should and according to timestamps it was done. > > If you think it was not done then could you provide latest sssd.conf > and output of following command? > ldbsearch -H /var/lib/sss/db/config.ldb > ^^^^^^^^^ > This utility is part of package ldb-tools > > LS > _______________________________________________ > sssd-users mailing list > [email protected] > > https://lists.fedorahosted.org/admin/lists/[email protected] > -- Chadwick Banning
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
