SSSD team, Hello! I'm a bit perplexed on how to validate and test data read by the Dbus/IFP responder. I'd like to better understand the cache aspects and how to validate that non-default whitelisted attributes are in fact exposed. I'm using the AD provider against a 2012 R2 back end.
[sssd] config_file_version = 2 services = nss,pam,pac,ifp domains = dvc.darkvixen.com [nss] reconnection_retries = 3 filter_users = root,bin,daemon,games,gdm,lp,nobody,openslp,rpc,statd filter_groups = root,bin,daemon,sys,disk,lp,audio,floppy,cdrom,video,games [pam] [pac] [ifp] allowed_uids = root,wwwrun,sssd user_attributes = +mail,+department,+telephoneNumber,-gecos [domain/dvc.darkvixen.com] id_provider = ad enumerate = false cache_credentials = true case_sensitive = false override_homedir = /home/%u override_shell = /bin/bash override_gid = 1727401607 ldap_user_extra_attrs = mail,department,telephoneNumber Output from sssctl: # sssctl user-show msteele Name: msteele Cache entry creation date: 01/08/21 10:14:35 Cache entry last update time: 01/08/21 14:04:18 Cache entry expiration time: 01/08/21 15:34:18 Initgroups expiration time: 01/08/21 15:34:18 Cached in InfoPipe: No # sssctl user-checks msteele user: msteele action: acct service: system-auth SSSD nss user lookup result: - user name: msteele - user id: 1727401116 - group id: 1727401607 - gecos: Ming Steele - home directory: /home/msteele - shell: /bin/bash SSSD InfoPipe user lookup result: - name: msteele - uidNumber: 1727401116 - gidNumber: 1727400513 - gecos: - homeDirectory: /home/msteele - loginShell: /bin/bash testing pam_acct_mgmt pam_acct_mgmt: Success PAM Environment: - no env - Should the attributes in fact be cached and displayed? Packages installed: # rpm -qa | grep sss python-sssdconfig-1.16.5-10.el7_9.5.noarch sssd-client-1.16.5-10.el7_9.5.armv7hl libsss_autofs-1.16.5-10.el7_9.5.armv7hl sssd-common-1.16.5-10.el7_9.5.armv7hl libsss_simpleifp-1.16.5-10.el7_9.5.armv7hl sssd-ad-1.16.5-10.el7_9.5.armv7hl libsss_idmap-1.16.5-10.el7_9.5.armv7hl libsss_certmap-1.16.5-10.el7_9.5.armv7hl sssd-libwbclient-1.16.5-10.el7_9.5.armv7hl libsss_sudo-1.16.5-10.el7_9.5.armv7hl sssd-polkit-rules-1.16.5-10.el7_9.5.armv7hl sssd-dbus-1.16.5-10.el7_9.5.armv7hl sssd-common-pac-1.16.5-10.el7_9.5.armv7hl sssd-tools-1.16.5-10.el7_9.5.armv7hl sssd-ldap-1.16.5-10.el7_9.5.armv7hl libsss_nss_idmap-1.16.5-10.el7_9.5.armv7hl sssd-krb5-common-1.16.5-10.el7_9.5.armv7hl python-sss-1.16.5-10.el7_9.5.armv7hl sssd-krb5-1.16.5-10.el7_9.5.armv7hl -- lawrence
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
