** Description changed: Hi, The search base parameter for autofs was intented to be set for each domain separately, but it fails to do so. The value of the first occurence of the parameter somehow is set for all domain sections. I'm posting example configuration below. There are 2 domains, and in this case the ldap_autofs_search_base parameter of the "skp.fids" domain overrides the rest of the occurencies. If you just switch the precedence in the domain defintions "fids, skp.fids", then the oposite is valid. I have used subdomain in the example and it might be confusing, but nevertheles, I did bunch of tests including completely different domains with same results. In a contrary the sudo_search_base is working just fine. I tried including scope as well, but it didnt help. I was tracking the ldap request on the ldap server side when autofs service is restarted. It always searches for one record, there is no additional request for the other domain (I'm posting the logs too) + + + Environment: + Ubuntu Server 14.04.5 LTS x86_64 + SSSD 1.11.8-0ubuntu0.2 CONFIGURATION [sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services = nss, pam, sudo, autofs domains = skp.fids, fids [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] reconnection_retries = 3 [autofs] [domain/skp.fids] ; Using enumerate = true leads to high load and slow response enumerate = false cache_credentials = false id_provider = ldap auth_provider = krb5 chpass_provider = krb5 autofs_provider = ldap ldap_uri = ldap://ldap.skp.fids ldap_search_base = dc=skp,dc=fids ldap_sudo_search_base = ou=sudoers,dc=skp,dc=fids ldap_autofs_search_base = ou=automount,ou=admin,dc=skp,dc=fids ldap_tls_reqcert = never krb5_kdcip = kerberos.skp.fids krb5_realm = SKP.FIDS krb5_changepw_principle = kadmin/changepw krb5_auth_timeout = 15 krb5_renewable_lifetime = 5d - [domain/fids] ; Using enumerate = true leads to high load and slow response enumerate = false cache_credentials = false id_provider = ldap auth_provider = krb5 chpass_provider = krb5 autofs_provider = ldap ldap_uri = ldap://ldap.skp.fids ldap_search_base = dc=fids ldap_uri = ldap://ldap.skp.fids ldap_search_base = dc=fids ldap_sudo_search_base = ou=sudoers,dc=fids ldap_autofs_search_base = ou=automount,ou=admin,dc=fids ldap_tls_reqcert = never krb5_kdcip = kerberos.skp.fids krb5_realm = FIDS krb5_changepw_principle = kadmin/changepw krb5_auth_timeout = 15 krb5_renewable_lifetime = 5d - LOGS (this is the only request in the logs) ... Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=1 SRCH base="ou=automount,ou=admin,dc=fids" scope=2 deref=0 filter="(&(ou=auto.master)(objectClass=automountMap))" Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=1 SRCH attr=objectClass ou Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 22 12:15:41 vav slapd[1294]: conn=1077 fd=25 ACCEPT from IP=192.168.91.101:36298 (IP=0.0.0.0:389) Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=2 SRCH base="ou=auto.master,ou=automount,ou=admin,dc=fids" scope=2 deref=0 filter="(&(cn=*)(objectClass=automount))" Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=2 SRCH attr=objectClass cn automountInformation Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=3 SRCH base="ou=automount,ou=admin,dc=fids" scope=2 deref=0 filter="(&(ou=auto.home)(objectClass=automountMap))" Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=3 SRCH attr=objectClass ou Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=4 SRCH base="ou=auto.home,ou=automount,ou=admin,dc=fids" scope=2 deref=0 filter="(&(cn=*)(objectClass=automount))" Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=4 SRCH attr=objectClass cn automountInformation Oct 22 12:15:41 vav slapd[1294]: conn=1077 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text= - Oct 22 12:15:49 vav slapd[1294]: conn=1077 op=5 SRCH base="ou=sudoers,dc=fids" scope=2 deref=0 + Oct 22 12:15:49 vav slapd[1294]: conn=1077 op=5 SRCH base="ou=sudoers,dc=fids" scope=2 deref=0 ...
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635885 Title: ldap_autofs_search_base not domain based To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1635885/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
