On Mon, Mar 12, 2018 at 5:59 AM, Sumit Bose <sb...@redhat.com> wrote:

> On Sun, Mar 11, 2018 at 10:25:24AM -0400, Asif Iqbal wrote:
> > I still like some help with any workaround in dealing with string.
> >
> > IT LDAP team do not have any attribute value with real number. Is it
> > possible to create a local DB to map the mnetid to a real number and then
> > use that table as a reference for ID mapping? I am not sure if this
> > discussion should be in developer mailing list.
>
> You might want to try local overrides, see man sss_override for details.
>
> As an alternative you might want to try to enable enumeration. After the
> initial enumeration run is done all users and groups are already in
> SSSD's cache and lookups by id should work. But I'm not sure if
> enumeration can handle you setup where user and groups are defined by
> the same LDAP object.
>
> Finally, if it is possible to remove the leading '0's from mnetid it
> should work as well because then '(mnetid=4311)' would match as string
> as well.
>

So on a tangent from my original question I got a response from IT saying
"It seems like you are trying to use a value for something it was never
meant to be used for"

They are referring to mnetid. As you can see there is huge reluctance in
helping.
to fix this issue.


> bye,
> Sumit
>
> >
> > Appreciate any help
> >
> >
> >
> >
> > On Mar 8, 2018 11:29 PM, "Asif Iqbal" <vad...@gmail.com> wrote:
> >
> >
> >
> > On Wed, Feb 28, 2018 at 4:27 PM, Jakub Hrozek <jhro...@redhat.com>
> wrote:
> >
> > > I think the next good step would be to show the LDIF and logs of a
> > > resolution of a single faulty entry, e.g. 80974 which you used earlier
> as
> > > an example of an entry that doesn’t work.
> > >
> >
> > Here are some logs for this account
> >
> > dn: uid=mwvande,ou=People,dc=mnet,dc=qintra,dc=com
> > mnetid: 004311
> >
> > (Thu Mar  8 22:10:22 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler]
> > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311]
> > (Thu Mar  8 22:10:22 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass=
> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=People,dc=
> > mnet,dc=qintra,dc=com].
> > (Thu Mar  8 22:10:22 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
> > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table
> > (Thu Mar  8 22:10:29 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler]
> > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311]
> > (Thu Mar  8 22:10:29 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass=
> > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=
> > People,dc=mnet,dc=qintra,dc=com].
> > (Thu Mar  8 22:10:29 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
> > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table
> > (Thu Mar  8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler]
> > (0x0200): Got request for [0x1][BE_REQ_USER][name=4311@ldap]
> > (Thu Mar  8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
> > (0x0400): calling ldap_search_ext with [(&(uid=4311)(objectclass=
> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=People,dc=
> > mnet,dc=qintra,dc=com].
> > (Thu Mar  8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
> > (0x0400): Removing [0:1:0x0001:1::LDAP:name=4311@ldap] from reply table
> > (Thu Mar  8 22:11:14 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler]
> > (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=4311]
> > (Thu Mar  8 22:11:14 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectclass=
> > mnetPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=People,dc=
> > mnet,dc=qintra,dc=com].
> > (Thu Mar  8 22:11:14 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
> > (0x0400): Removing [0:1:0x0001:1::LDAP:idnumber=4311] from reply table
> > (Thu Mar  8 22:11:38 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler]
> > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311]
> > (Thu Mar  8 22:11:38 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass=
> > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=
> > People,dc=mnet,dc=qintra,dc=com].
> > (Thu Mar  8 22:11:38 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
> > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table
> > (Thu Mar  8 22:12:00 2018) [sssd[be[LDAP]]] [dp_get_account_info_handler]
> > (0x0200): Got request for [0x2][BE_REQ_GROUP][idnumber=4311]
> > (Thu Mar  8 22:12:00 2018) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
> > (0x0400): calling ldap_search_ext with [(&(mnetid=4311)(objectClass=
> > inetOrgPerson)(uid=*)(&(mnetid=*)(!(mnetid=0))))][ou=
> > People,dc=mnet,dc=qintra,dc=com].
> > (Thu Mar  8 22:12:00 2018) [sssd[be[LDAP]]] [dp_table_value_destructor]
> > (0x0400): Removing [0:1:0x0001:2::LDAP:idnumber=4311] from reply table
> >
> >
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input ID:
> > 4311
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [cache_req_search_send] (0x0400):
> CR
> > #913574: Looking up UID:4311@LDAP
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913574: Checking negative cache for [UID:4311@LDAP]
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913574: [UID:4311@LDAP] is not present in negative cache
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913574: Looking up [UID:4311@LDAP] in cache
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913574: Object [UID:4311@LDAP] was not found in cache
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [cache_req_search_dp] (0x0400): CR
> > #913574: Looking up [UID:4311@LDAP] in data provider
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
> > Issuing request for [0x5641be284b10:1:4311@LDAP]
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [sss_dp_get_account_msg] (0x0400):
> > Creating request for [LDAP][0x1][BE_REQ_USER][idnumber=4311:-]
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [sss_dp_internal_get_send]
> (0x0400):
> > Entering request [0x5641be284b10:1:4311@LDAP]
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913574: Looking up [UID:4311@LDAP] in cache
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913574: Object [UID:4311@LDAP] was not found in cache
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [cache_req_global_ncache_add]
> > (0x0400): CR #913574: Adding [UID:4311@LDAP] to global negative cache
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
> > Adding [NCE/UID/4311] to negative cache
> > (Thu Mar  8 22:10:22 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
> > Deleting request: [0x5641be284b10:1:4311@LDAP]
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input ID:
> > 4311
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [cache_req_search_send] (0x0400):
> CR
> > #913598: Looking up GID:4311@LDAP
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913598: Checking negative cache for [GID:4311@LDAP]
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913598: [GID:4311@LDAP] is not present in negative cache
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913598: Looking up [GID:4311@LDAP] in cache
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913598: Object [GID:4311@LDAP] was not found in cache
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [cache_req_search_dp] (0x0400): CR
> > #913598: Looking up [GID:4311@LDAP] in data provider
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
> > Issuing request for [0x5641be284b10:2:4311@LDAP]
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [sss_dp_get_account_msg] (0x0400):
> > Creating request for [LDAP][0x2][BE_REQ_GROUP][idnumber=4311:-]
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [sss_dp_internal_get_send]
> (0x0400):
> > Entering request [0x5641be284b10:2:4311@LDAP]
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913598: Looking up [GID:4311@LDAP] in cache
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913598: Object [GID:4311@LDAP] was not found in cache
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [cache_req_global_ncache_add]
> > (0x0400): CR #913598: Adding [GID:4311@LDAP] to global negative cache
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
> > Adding [NCE/GID/4311] to negative cache
> > (Thu Mar  8 22:10:29 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
> > Deleting request: [0x5641be284b10:2:4311@LDAP]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [nss_getby_name] (0x0400): Input
> > name: 4311
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_process_input]
> (0x0400):
> > CR #913740: Parsing input name [4311]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [sss_parse_name_for_domains]
> > (0x0200): name '4311' matched without domain, user is 4311
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_set_name] (0x0400): CR
> > #913740: Setting name [4311]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_send] (0x0400):
> CR
> > #913740: Looking up 4311@ldap
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913740: Checking negative cache for [4311@ldap]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913740: [4311@ldap] is not present in negative cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913740: Looking up [4311@ldap] in cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913740: Object [4311@ldap] was not found in cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_dp] (0x0400): CR
> > #913740: Looking up [4311@ldap] in data provider
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
> > Issuing request for [0x5641be284b10:1:4311@ldap@LDAP]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [sss_dp_get_account_msg] (0x0400):
> > Creating request for [LDAP][0x1][BE_REQ_USER][name=4311@ldap:-]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [sss_dp_internal_get_send]
> (0x0400):
> > Entering request [0x5641be284b10:1:4311@ldap@LDAP]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913740: Looking up [4311@ldap] in cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913740: Object [4311@ldap] was not found in cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_ncache_add]
> > (0x0400): CR #913740: Adding [4311@ldap] to negative cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
> > Adding [NCE/USER/LDAP/4311@ldap] to negative cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
> > Deleting request: [0x5641be284b10:1:4311@ldap@LDAP]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input ID:
> > 4311
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_send] (0x0400):
> CR
> > #913741: Looking up UID:4311@LDAP
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913741: Checking negative cache for [UID:4311@LDAP]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913741: [UID:4311@LDAP] is not present in negative cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913741: Looking up [UID:4311@LDAP] in cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913741: Object [UID:4311@LDAP] was not found in cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_dp] (0x0400): CR
> > #913741: Looking up [UID:4311@LDAP] in data provider
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
> > Issuing request for [0x5641be284b10:1:4311@LDAP]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [sss_dp_get_account_msg] (0x0400):
> > Creating request for [LDAP][0x1][BE_REQ_USER][idnumber=4311:-]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [sss_dp_internal_get_send]
> (0x0400):
> > Entering request [0x5641be284b10:1:4311@LDAP]
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913741: Looking up [UID:4311@LDAP] in cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913741: Object [UID:4311@LDAP] was not found in cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [cache_req_global_ncache_add]
> > (0x0400): CR #913741: Adding [UID:4311@LDAP] to global negative cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
> > Adding [NCE/UID/4311] to negative cache
> > (Thu Mar  8 22:11:14 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
> > Deleting request: [0x5641be284b10:1:4311@LDAP]
> > (Thu Mar  8 22:11:15 2018) [sssd[nss]] [nss_getby_name] (0x0400): Input
> > name: 4311
> > (Thu Mar  8 22:11:15 2018) [sssd[nss]] [cache_req_process_input]
> (0x0400):
> > CR #913742: Parsing input name [4311]
> > (Thu Mar  8 22:11:15 2018) [sssd[nss]] [sss_parse_name_for_domains]
> > (0x0200): name '4311' matched without domain, user is 4311
> > (Thu Mar  8 22:11:15 2018) [sssd[nss]] [cache_req_set_name] (0x0400): CR
> > #913742: Setting name [4311]
> > (Thu Mar  8 22:11:15 2018) [sssd[nss]] [cache_req_search_send] (0x0400):
> CR
> > #913742: Looking up 4311@ldap
> > (Thu Mar  8 22:11:15 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913742: Checking negative cache for [4311@ldap]
> > (Thu Mar  8 22:11:15 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913742: [4311@ldap] does not exist (negative cache)
> > (Thu Mar  8 22:11:15 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input ID:
> > 4311
> > (Thu Mar  8 22:11:15 2018) [sssd[nss]] [cache_req_search_send] (0x0400):
> CR
> > #913743: Looking up UID:4311@LDAP
> > (Thu Mar  8 22:11:15 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913743: Checking negative cache for [UID:4311@LDAP]
> > (Thu Mar  8 22:11:15 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913743: [UID:4311@LDAP] does not exist (negative cache)
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input ID:
> > 4311
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [cache_req_search_send] (0x0400):
> CR
> > #913764: Looking up GID:4311@LDAP
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913764: Checking negative cache for [GID:4311@LDAP]
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913764: [GID:4311@LDAP] is not present in negative cache
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913764: Looking up [GID:4311@LDAP] in cache
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913764: Object [GID:4311@LDAP] was not found in cache
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [cache_req_search_dp] (0x0400): CR
> > #913764: Looking up [GID:4311@LDAP] in data provider
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
> > Issuing request for [0x5641be284b10:2:4311@LDAP]
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [sss_dp_get_account_msg] (0x0400):
> > Creating request for [LDAP][0x2][BE_REQ_GROUP][idnumber=4311:-]
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [sss_dp_internal_get_send]
> (0x0400):
> > Entering request [0x5641be284b10:2:4311@LDAP]
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913764: Looking up [GID:4311@LDAP] in cache
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913764: Object [GID:4311@LDAP] was not found in cache
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [cache_req_global_ncache_add]
> > (0x0400): CR #913764: Adding [GID:4311@LDAP] to global negative cache
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
> > Adding [NCE/GID/4311] to negative cache
> > (Thu Mar  8 22:11:38 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
> > Deleting request: [0x5641be284b10:2:4311@LDAP]
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [nss_getby_id] (0x0400): Input ID:
> > 4311
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [cache_req_search_send] (0x0400):
> CR
> > #913765: Looking up GID:4311@LDAP
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913765: Checking negative cache for [GID:4311@LDAP]
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [cache_req_search_ncache]
> (0x0400):
> > CR #913765: [GID:4311@LDAP] is not present in negative cache
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913765: Looking up [GID:4311@LDAP] in cache
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913765: Object [GID:4311@LDAP] was not found in cache
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [cache_req_search_dp] (0x0400): CR
> > #913765: Looking up [GID:4311@LDAP] in data provider
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [sss_dp_issue_request] (0x0400):
> > Issuing request for [0x5641be284b10:2:4311@LDAP]
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [sss_dp_get_account_msg] (0x0400):
> > Creating request for [LDAP][0x2][BE_REQ_GROUP][idnumber=4311:-]
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [sss_dp_internal_get_send]
> (0x0400):
> > Entering request [0x5641be284b10:2:4311@LDAP]
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913765: Looking up [GID:4311@LDAP] in cache
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [cache_req_search_cache] (0x0400):
> > CR #913765: Object [GID:4311@LDAP] was not found in cache
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [cache_req_global_ncache_add]
> > (0x0400): CR #913765: Adding [GID:4311@LDAP] to global negative cache
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [sss_ncache_set_str] (0x0400):
> > Adding [NCE/GID/4311] to negative cache
> > (Thu Mar  8 22:12:00 2018) [sssd[nss]] [sss_dp_req_destructor] (0x0400):
> > Deleting request: [0x5641be284b10:2:4311@LDAP]
> >
> >
> >
> >
> > >
> > > > On 28 Feb 2018, at 01:30, Asif Iqbal <vad...@gmail.com> wrote:
> > > >
> > > >
> > > >
> > > > On Tue, Feb 27, 2018 at 1:12 PM, Asif Iqbal <vad...@gmail.com>
> wrote:
> > > >
> > > >
> > > > On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose <sb...@redhat.com>
> wrote:
> > > > On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote:
> > > > > I have 300 out of 3000 users whose /home/<username> dir shows uid
> and
> > > gid
> > > > > instead of username and groupname.
> > > > >
> > > > > It seems to be behaving like a bug
> > > > >
> > > > > As soon I become a user with `sudo su - username' the uid of the
> home
> > > dir
> > > > > changes to username but gid still does not change to groupname.
> > > > >
> > > > > I also get an error message, but still successfully become that
> user
> > > > >
> > > > > $ ls -ld /home/mbniels
> > > > > drwx------. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels
> > > > >
> > > > > $ su - mbniels
> > > > > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39
> > > > > /usr/bin/id: cannot find name for group ID 80974
> > > > > groups: cannot find name for group ID 80974
> > > > >
> > > > > $ ls -ld /home/mbniels
> > > > > drwx------. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels
> > > > >
> > > > > Then to check the groups of username I get another error which then
> > > gets
> > > > > cleared by next command.
> > > > >
> > > > > $ groups mbniels
> > > > > mbniels : groups: cannot find name for group ID 80974
> > > > > 80974 users
> > > > >
> > > > > $ getent group mbniels
> > > > > mbniels:*:80974
> > > > >
> > > > > $ groups mbniels
> > > > > mbniels : mbniels users
> > > > >
> > > > > It also fixes the gid to groupname
> > > > >
> > > > > $ ls -ld /home/mbniels/
> > > > > drwx------. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/
> > > > >
> > > > > I noticed it reverts after may be within half an hour, not exact
> sure
> > > when.
> > > > > Almost behaves like `quantum entanglement'.
> > > > > As soon as I try to check by trying to become that user the issue
> > > > > disappears.
> > > > >
> > > > > This is not just cosmetic issue, when the home dir shows ownership
> with
> > > > > uid, instead of username, the user fails some commands.
> > > > >
> > > > > We just started noticing today, since we just built this box and
> only
> > > few
> > > > > months ago and users are being invited to start using this server
> > > > >
> > > > > Some annoying error it is showing like below and user then fails
> to ssh
> > > > >
> > > > >      $ ssh remote
> > > > >         No user exists for uid 80974
> > > > >
> > > > > I am using centos 7 and  sssd 1.15.2
> > > > >
> > > > > $ cat /etc/redhat-release
> > > > > CentOS Linux release 7.4.1708 (Core)
> > > > >
> > > > > $ sssd --version
> > > > > 1.15.2
> > > > >
> > > > > Here are some relevant logs
> > > > > https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA
> > > >
> > > > It looks like you are not using a plain RFC2307bis LDAP schema. Can
> you
> > > > send you sssd.conf and a typical LDAP user and group object?
> > > >
> > > > bye,
> > > > Sumit
> > > >
> > > >
> > > > Here is an ldap user and I using same info as group (sanitized)
> > > >
> > > >  dn: uid=mbniels,ou=People,dc=example,dc=com
> > > > roomNumber: 123456
> > > > departmentNumber: 3.11.3
> > > > tier1: Technology
> > > > joblevel: 6
> > > > legacycompany: G
> > > > mobile: +11234567890
> > > > manager: uid=managerid,ou=People,dc=example,dc=com
> > > > departmentname: TESTING & INTEG
> > > > costcenter: S0019751
> > > > companynumber: S001
> > > > companyname: EXAMPLE COMPANY
> > > > displayName: FOO, BAR
> > > > preferredname: Mark
> > > > docshareaccess: TRUE
> > > > sAMAccountName: mbniels
> > > > l: XX
> > > > street: 123 example ave
> > > > saploginid: foobar
> > > > title: LEAD ARCHITECT
> > > > postalCode: 123456
> > > > employeeNumber: 00112233
> > > > mail: foo....@example.com
> > > > objectClass: top
> > > > objectClass: person
> > > > objectClass: organizationalPerson
> > > > objectClass: inetOrgPerson
> > > > objectClass: mnetPerson
> > > > mnetid: 080974
> > > > uid: mbniels
> > > > givenName: Mark
> > > > st: XX
> > > > cn: Foo Bar
> > > > sn: Bar
> > > > employeeType: Management
> > > > initials: X
> > > > nationnumber: USA
> > > > nationname: United States
> > > >
> > > >
> > > >
> > > > I am still looking for some help on this.
> > > >
> > > >
> > > >
> > > > --
> > > > Asif Iqbal
> > > > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> > > > A: Because it messes up the order in which people normally read text.
> > > > Q: Why is top-posting such a bad thing?
> > > >
> > > > _______________________________________________
> > > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> > > > To unsubscribe send an email to sssd-users-leave@lists.
> fedorahosted.org
> > > _______________________________________________
> > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> > > To unsubscribe send an email to sssd-users-leave@lists.
> fedorahosted.org
> > >
> >
> >
> >
> > --
> > Asif Iqbal
> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
>
> > _______________________________________________
> > sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

Reply via email to