Hi all,

#### user op01
```
ldapsearch -x -W -H ldaps://master.local -D cn=manager,dc=suntv,dc=tv -b uid=op01,ou=people,dc=suntv,dc=tv
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <uid=op01,ou=people,dc=suntv,dc=tv> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# op01, people, suntv.tv
dn: uid=op01,ou=people,dc=suntv,dc=tv
uid: op01
cn: op01
sn: op01
objectClass: hostObject
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
userPassword:: MTIzNDU2
shadowLastChange: 17085
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 2001
homeDirectory: /home/op01
labeledURI: ldaps:///ou=op,ou=host,dc=suntv,dc=tv?host
#  Dynamic Lists of the openldap
host: 192.168.1.21
#  generated Dynamic Lists of the openldap
host: 192.168.1.22
#  generated Dynamic Lists of the openldap
# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```


#### sssd.conf
```
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap

......

ldap_search_base = dc=suntv,dc=tv
ldap_user_search_base = ou=people,dc=suntv,dc=tv
ldap_group_search_base = ou=group,dc=suntv,dc=tv

......

access_provider = ldap
ldap_access_order = filter
ldap_access_filter = (|(host=all)(host=192.168.1.21))
```

#### test
```
ssh op01@192.168.1.21
op01@192.168.1.21's password: 
Connection to 192.168.1.21 closed by remote host.
Connection to 192.168.1.21 closed.
```

sssd_LDAP.log
```
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_filter_send] (0x0400): Performing access filter check for user [op01]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_filter_send] (0x0400): Checking filter against LDAP
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_print_server] (0x2000): Searching 192.168.1.11
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=op01)(objectclass=posixAccount)(|(host=all)(host=192.168.1.21)))][uid=op01,ou=people,dc=suntv,dc=tv].
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 5
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_op_add] (0x2000): New operation 5 timeout 6
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x7f1b15cca440], connected[1], ops[0x7f1b15d9a700], ldap[0x7f1b15cb09f0]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_op_destructor] (0x2000): Operation 5 finished
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_filter_done] (0x0100): User [op01] was not found with the specified filter. Denying access.
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_filter_done] (0x0400): Access denied by online lookup
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): start ldb transaction (nesting: 0)
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f1b15d9da80

(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f1b15d9dbb0

(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): Running timer event 0x7f1b15d9da80 "ltdb_callback"

(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): Destroying timer event 0x7f1b15d9dbb0 "ltdb_timeout"

(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): Ending timer event 0x7f1b15d9da80 "ltdb_callback"

(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_done] (0x0400): Access was denied.
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 6, <NULL>) [Success (Permission denied)]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sending result [6][LDAP]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [be_pam_handler_callback] (0x0100): Sent result [6][LDAP]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: sh[0x7f1b15cca440], connected[1], ops[(nil)], ldap[0x7f1b15cb09f0]
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
(Fri Oct 14 10:23:06 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): dbus conn: 0x7f1b15cac500
(Fri Oct 14 10:23:06 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): Dispatching.
```

```
calling ldap_search_ext with [(&(uid=op01)(objectclass=posixAccount)(|(host=all)(host=192.168.1.21)))][uid=op01,ou=people,dc=suntv,dc=tv]
User [op01] was not found with the specified filter. Denying access.
```

Why does ldap_search_ext not return any results?
Please help me, thanks.
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
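The manual `ldapsearch` in the post binds as `cn=manager` and uses the default `(objectclass=*)` filter, while the log shows SSSD sending the combined access filter against the user's DN. The following added example (not part of the original post; the function names are hypothetical) pulls the denied search out of a wrapped debug log and builds the matching `ldapsearch` command. The bind DN is a placeholder because the page does not show which identity SSSD binds with.

```python
import re
import shlex

# Constructed sample: two records from the log above, wrapped as in the mail.
SAMPLE_LOG = """\
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x0400): calling ldap_search_ext with
[(&(uid=op01)(objectclass=posixAccount)(|(host=all)(host=192.168.1.21)))][uid=op01,ou=people,dc=suntv,dc=tv].
(Fri Oct 14 10:23:04 2016) [sssd[be[LDAP]]] [sdap_access_filter_done] (0x0100):
User [op01] was not found with the specified filter. Denying access.
"""

TS_RE = re.compile(r"^\(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\) ")
SEARCH_RE = re.compile(r"calling ldap_search_ext with \[(.+)\]\[([^\]]*)\]")
DENY_RE = re.compile(r"\[sdap_access_filter_done\].*User \[([^\]]+)\] was not found")

def unwrap(text):
    """Re-join records a mail client wrapped; a record starts with a timestamp."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def denied_searches(text):
    """Pair each access-filter denial with the last LDAP search logged before it."""
    last, hits = None, []
    for rec in unwrap(text):
        m = SEARCH_RE.search(rec)
        if m:
            last = {"filter": m.group(1), "base": m.group(2)}
        m = DENY_RE.search(rec)
        if m and last:
            hits.append({"user": m.group(1), **last})
            last = None
    return hits

def replay_command(hit, uri, bind_dn):
    """Build an ldapsearch command repeating the logged search as bind_dn."""
    argv = ["ldapsearch", "-x", "-W", "-H", uri, "-D", bind_dn,
            "-b", hit["base"], hit["filter"], "host"]
    return " ".join(shlex.quote(a) for a in argv)

if __name__ == "__main__":
    for hit in denied_searches(SAMPLE_LOG):
        print(replay_command(hit, "ldaps://master.local", "<DN SSSD binds as>"))
```

Running the printed command once with the SSSD bind identity and once as `cn=manager` shows whether the entry matches the `host` filter for each identity.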