On Thu, Aug 11, 2016 at 05:17:14PM -0400, Douglas Duckworth wrote:
> Hello
> 
> I am able to enumerate users but not groups using "getent group."
> 
> I believe our old LDAP server uses standard rfc2307 schema:
> 
> # blah, Group, blah.blah.blah.edu
> dn: cn=blah,ou=Group,dc=blah,dc=blah,dc=blah,dc=edu
> objectClass: posixGroup
> objectClass: top
> cn: blahgroup
> gidNumber: 1045
> memberUid: blah
> 
> I can login over ssh, use getent password, while id returns correct
> information:
> 
> [root@nfs-server ~]# id LUZER
> uid=8877(LUZER) gid=1009 groups=1009
> 
> My SSSD configuration and debug logs are attached.
> 
> I can resolve the LDAP server and perform searches against it, though the
> logs do show repeated DNS issues.  Though if DNS was a problem, and thus the
> provider offline, then how could I login and enumerate users?

These messages:
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [sss_ldap_init_sys_connect_done] (0x0020): ldap_install_tls failed: Connect error
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [sss_ldap_init_state_destructor] (0x0400): calling ldap_unbind_ext for ldap:[0x183db80] sd:[18]
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [5]: Input/output error.
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [sdap_handle_release] (0x2000): Trace: sh[0x1850770], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory[0]
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [_be_fo_set_port_status] (0x8000): Setting status: PORT_NOT_WORKING. Called from: src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_done: 1564
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [fo_set_port_status] (0x0100): Marking port 636 of server 'blah.blah.blah.edu' as 'not working'
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [fo_set_port_status] (0x0400): Marking port 636 of duplicate server 'blah.blah.blah.edu' as 'not working'
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [get_server_status] (0x1000): Status of server 'blah.blah.blah.edu' is 'name resolved'
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [get_port_status] (0x1000): Port status of port 636 for server 'blah.blah.blah.edu' is 'not working'
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP'
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [be_mark_offline] (0x2000): Going offline!
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [be_mark_offline] (0x2000): Initialize check_if_online_ptask.
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [be_ptask_create] (0x0400): Periodic task [Check if online (periodic)] was created
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling task 81 seconds from now [1470949681]
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [sdap_id_op_connect_done] (0x4000): notify offline to op #1
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [sdap_dom_enum_ex_connected] (0x0400): Backend is marked offline, retry later!

make it look like the certificate is not correct; sssd tries to connect to the
server and fails.

Does searching the server with ldapsearch using -ZZ succeed?
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
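As an added example (my own code, not from either message in this thread and not part of the SSSD project), here is a small Python triage script for the sssd_<domain>.log excerpt above. It re-joins the entries that a mail client wrapped over several lines, then separates what the log actually says: the server reached the 'name resolved' state (so DNS worked), but port 636 was marked 'not working' right after ldap_install_tls failed, which is the TLS-setup failure the reply points at. The sample log is constructed from the excerpt in the reply; the sssd.conf option names in the verdict (ldap_tls_cacert, ldap_tls_cacertdir, ldap_tls_reqcert) are the real options that govern which CA the client trusts and how strictly it checks the server certificate.

```python
"""Triage an SSSD LDAP-provider debug log for the connect / TLS failure chain.

Added example, not code from the thread or from the SSSD project.  The sample
below is constructed from the log excerpt in the reply, mail-wrapped the way
it arrived, so the re-joining step is exercised.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: entries from the excerpt above, wrapped by a mail client,
# with the whitespace-only spacer lines a pasted log usually carries.
SAMPLE_LOG = """\
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [sss_ldap_init_sys_connect_done]
(0x0020): ldap_install_tls failed: Connect error

(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [sdap_sys_connect_done] (0x0020):
sdap_async_connect_call request failed: [5]: Input/output error.

(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [fo_set_port_status] (0x0100):
Marking port 636 of server 'blah.blah.blah.edu' as 'not working'
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [fo_set_port_status] (0x0400):
Marking port 636 of duplicate server 'blah.blah.blah.edu' as 'not working'
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [get_server_status] (0x1000):
Status of server 'blah.blah.blah.edu' is 'name resolved'
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [fo_resolve_service_send] (0x0020):
No available servers for service 'LDAP'
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [sdap_id_op_connect_done] (0x0020):
Failed to connect, going offline (5 [Input/output error])
(Thu Aug 11 17:06:40 2016) [sssd[be[LDAP]]] [be_mark_offline] (0x2000): Going
offline!
"""

# An entry starts with the "(Day Mon DD HH:MM:SS YYYY) " timestamp SSSD writes.
ENTRY_START = re.compile(r"^\(\w{3} \w{3} +\d+ [\d:]+ \d{4}\) ")
ENTRY_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<dom>[^\]]+)\]\]\] "
    r"\[(?P<func>[^\]]+)\] \((?P<lvl>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)
PORT_RE = re.compile(r"Marking port (\d+) of (?:duplicate )?server '([^']+)' as 'not working'")
RESOLVED_RE = re.compile(r"Status of server '([^']+)' is 'name resolved'")


def normalize(text: str) -> List[str]:
    """Re-join entries a mail client wrapped: any non-empty line that does not
    start with a timestamp is a continuation of the previous entry."""
    entries: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def parse(text: str) -> List[Dict[str, str]]:
    """Split each re-joined entry into timestamp, domain, function, level, message."""
    return [m.groupdict() for m in map(ENTRY_RE.match, normalize(text)) if m]


def triage(text: str) -> Dict[str, object]:
    """Collect the facts that decide between a DNS problem and a TLS problem."""
    report: Dict[str, object] = {
        "domain": None, "tls_failed": False, "tls_error": None,
        "not_working": [], "name_resolved": [], "no_servers": False,
        "went_offline": False,
    }
    not_working: List[Tuple[str, int]] = report["not_working"]  # type: ignore[assignment]
    resolved: List[str] = report["name_resolved"]  # type: ignore[assignment]
    for e in parse(text):
        report["domain"] = report["domain"] or e["dom"]
        func, msg = e["func"], e["msg"]
        if func == "sss_ldap_init_sys_connect_done" and "ldap_install_tls failed" in msg:
            report["tls_failed"] = True
            report["tls_error"] = msg.split("failed:", 1)[1].strip()
        elif func == "fo_set_port_status":
            pm = PORT_RE.match(msg)
            if pm and (pm.group(2), int(pm.group(1))) not in not_working:
                not_working.append((pm.group(2), int(pm.group(1))))  # dedupe 'duplicate server'
        elif func == "get_server_status":
            rm = RESOLVED_RE.match(msg)
            if rm and rm.group(1) not in resolved:
                resolved.append(rm.group(1))
        elif func == "fo_resolve_service_send" and "No available servers" in msg:
            report["no_servers"] = True
        elif func == "be_mark_offline" and "Going offline" in msg:
            report["went_offline"] = True
    return report


def verdict(report: Dict[str, object]) -> str:
    """Turn the collected facts into the next thing to check."""
    if report["tls_failed"] and report["name_resolved"]:
        return ("DNS is fine (server reached 'name resolved'); the failure is in TLS setup "
                f"(ldap_install_tls: {report['tls_error']}). Check the server certificate "
                "against ldap_tls_cacert / ldap_tls_cacertdir and ldap_tls_reqcert in sssd.conf.")
    if report["no_servers"] and not report["name_resolved"]:
        return "No server reached 'name resolved': look at DNS and ldap_uri first."
    if report["went_offline"]:
        return "Backend went offline for a reason this triage does not classify; read the entries above be_mark_offline."
    return "No connect failure found in this log excerpt."


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"domain={r['domain']} not_working={r['not_working']} resolved={r['name_resolved']}")
    print(verdict(r))
```

Run it against a real file with `triage(open("/var/log/sssd/sssd_LDAP.log").read())`; the normalize step is harmless on an unwrapped log, since every entry there already starts with a timestamp.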
