Thanks so much for the assistance. Added:

ldap_disable_paging = true

Does this mean the problem's resolved? I log in successfully then error repeats....

(Tue Aug 16 09:55:41 2016) [sssd[be[LDAP]]] [sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap: Protocol error(2), paged results cookie is invalid
(Tue Aug 16 09:55:41 2016) [sssd[be[LDAP]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [5]: Input/output error
(Tue Aug 16 09:55:41 2016) [sssd[be[LDAP]]] [sdap_get_users_done] (0x0040): Failed to retrieve users
(Tue Aug 16 09:55:41 2016) [sssd[be[LDAP]]] [sdap_dom_enum_ex_users_done] (0x0040): User enumeration failed: 5: Input/output error
(Tue Aug 16 09:55:41 2016) [sssd[be[LDAP]]] [be_ptask_done] (0x0040): Task [enumeration]: failed with [5]: Input/output error
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [be_res_get_opts] (0x0100): Lookup order: ipv4_first
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_LDAP,1)
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [sss_names_init_from_args] (0x0100): Using re [(?P<name>[^@]+)@?(?P<domain>[^@]*$)].
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
Later:

(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [set_server_common_status] (0x0100): Marking server 'old dinosaur' as 'working'
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [be_client_init] (0x0100): Set-up Backend ID timeout [0x177a8f0]
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [be_client_init] (0x0100): Set-up Backend ID timeout [0x177d690]
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [client_registration] (0x0100): Cancel DP ID timeout [0x177a8f0]
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [client_registration] (0x0100): Added Frontend client [NSS]
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [enum_users_done] (0x0100): Users higher USN value: [20160816071917Z] <---- enumeration works?
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [client_registration] (0x0100): Cancel DP ID timeout [0x177d690]
(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [client_registration] (0x0100): Added Frontend client [PAM]
(Tue Aug 16 09:58:44 2016) [sssd[be[LDAP]]] [sdap_process_group_send] (0x0040): No Members. Done! <------ this repeats much - only showing one line for sake of space
(Tue Aug 16 09:58:44 2016) [sssd[be[LDAP]]] [enum_groups_done] (0x0100): Groups higher USN value: [20160727234025Z] <---- enumeration works?

I type getent passwd / group:

(Tue Aug 16 10:03:43 2016) [sssd[be[LDAP]]] [sdap_get_users_done] (0x0040): Failed to retrieve users
(Tue Aug 16 10:08:17 2016) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Tue Aug 16 10:08:39 2016) [sssd[be[LDAP]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Tue Aug 16 10:08:43 2016) [sssd[be[LDAP]]] [sdap_get_users_done] (0x0040): Failed to retrieve users

Greater logging with me typing "getent user" attached... I am not able to see any issues. I can post more extensive logs if that would be helpful.
Thanks
Doug

Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Physiology and Biophysics
Weill Cornell Medicine
E: [email protected]
O: 212-746-5454
F: 212-746-8690

On Tue, Aug 16, 2016 at 5:29 AM, Michael Ströder <[email protected]> wrote:

> Jakub Hrozek wrote:
> > This is a different issue now. It looks like the server does not support
> > paged searches correctly or has issues with the paging support, because
> > it sends an invalid cookie (the invalid cookie message is reported by
> > openldap-libs..)
> > [..]
> > I wonder if it would be possible to increase the page size with the
> > ldap_page_size option to make the enumeration results fit into one page?
>
> Or simply use
>
> ldap_disable_paging = true
>
> Note that only AD allows circumventing search limits with this extended
> control.
> All other LDAP servers I know and especially OpenLDAP enforce the search
> size limits also with paged search.
>
> Ciao, Michael.
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
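
The following is an added example, not part of the thread or of SSSD itself: it splits run-together SSSD backend log text like the excerpts above into records and lists the outcome of each user enumeration pass, which makes it easy to see whether failures continue after a configuration change. The sample text is constructed from lines quoted in the message, and treating an enum_users_done record as a completed pass is an assumption.

```python
import re
from datetime import datetime

# Record shape seen in this thread's excerpts:
#   (Tue Aug 16 09:55:41 2016) [sssd[be[LDAP]]] [function] (0x0040): message
ENTRY = re.compile(
    r"\((?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\) "
    r"\[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]{4})\): "
)

def parse_entries(text):
    """Split SSSD backend log text into records, even when lines are run together."""
    found = list(ENTRY.finditer(text))
    entries = []
    for i, m in enumerate(found):
        end = found[i + 1].start() if i + 1 < len(found) else len(text)
        entries.append({
            "time": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
            "func": m["func"],
            "level": int(m["level"], 16),
            "msg": text[m.end():end].strip(),
        })
    return entries

def user_enumeration_timeline(entries):
    """Return (HH:MM:SS, status) for each user enumeration outcome, oldest first."""
    # Assumption: enum_users_done marks a completed pass (not confirmed by the thread).
    timeline = []
    for e in entries:
        stamp = e["time"].strftime("%H:%M:%S")
        if e["func"] == "enum_users_done":
            timeline.append((stamp, "ok"))
        elif e["func"] == "sdap_get_users_done" and "Failed to retrieve users" in e["msg"]:
            timeline.append((stamp, "failed"))
    return timeline

def cookie_errors(entries):
    """Records carrying the paged-results error quoted in the thread."""
    return [e for e in entries if "paged results cookie is invalid" in e["msg"]]

# Constructed sample: records copied from the message above, joined as they were posted.
SAMPLE = " ".join([
    "(Tue Aug 16 09:55:41 2016) [sssd[be[LDAP]]] [sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap: Protocol error(2), paged results cookie is invalid",
    "(Tue Aug 16 09:55:41 2016) [sssd[be[LDAP]]] [sdap_get_users_done] (0x0040): Failed to retrieve users",
    "(Tue Aug 16 09:58:43 2016) [sssd[be[LDAP]]] [enum_users_done] (0x0100): Users higher USN value: [20160816071917Z]",
    "(Tue Aug 16 10:03:43 2016) [sssd[be[LDAP]]] [sdap_get_users_done] (0x0040): Failed to retrieve users",
    "(Tue Aug 16 10:08:43 2016) [sssd[be[LDAP]]] [sdap_get_users_done] (0x0040): Failed to retrieve users",
])
```

Calling user_enumeration_timeline(parse_entries(SAMPLE)) gives one entry per pass, so a "failed" status that keeps appearing after the restart at 09:58:43 is visible at a glance.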
