Here is my domain section … reproducible every time if I clear the sssd cache.
[domain/default]
debug_level = 9
id_provider = ad
auth_provider = ad
access_provider = ldap
chpass_provider = ad
ad_domain = dhe.duke.edu
ldap_search_base = DC=dhe,DC=duke,DC=edu
ldap_idmap_default_domain = dhe.duke.edu
ldap_sasl_mech = GSSAPI
ldap_user_principle = workAround
ldap_account_expire_policy = ad
ldap_access_order = expire
ldap_schema = ad
ldap_referrals = False
ldap_id_mapping = True
ldap_force_upper_case_realm = True
ldap_user_search_base = DC=dhe,DC=duke,DC=edu?subtree?(memberOf=CN=BIAC-Users,OU=Groups,OU=BIAC,OU=SOM,OU=EnterpriseResources,DC=dhe,DC=duke,DC=edu)
ldap_idmap_default_domain_sid = REMOVED
ldap_tls_reqcert = never
case_sensitive = False
krb5_lifetime = 10h
krb5_renewable_lifetime = 7d
krb5_renew_interval = 3600
krb5_ccachedir = /mnt/cluster_dhe/clustertmp/common/krb5ccache
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
ldap_account_expire_policy = ad
krb5_realm = DHE.DUKE.EDU
#these will go away with IDMU uid
ldap_idmap_range_size = 20000000
ldap_idmap_range_min = 0
ldap_idmap_range_max = 2000000000
min_id = 500
override_gid = 197250
cache_credentials = True
ignore_group_members = True
On Apr 30, 2015, at 9:39 AM, Jean-Baptiste Denis jbdenis@pasteur.fr wrote:
I tried to reproduce the bug with your script but I was not successful.
Domain section from sssd.conf
[domain/refLDAP]
id_provider = ldap
auth_provider = ldap
debug_level = 0xFFF0
ldap_uri = ldap://172.17.0.1
ldap_search_base = dc=example,dc=com
ldap_schema = rfc2307bis
ldap_group_object_class = groupOfNames
timeout = 600
ldap_pwd_policy = shadow
I tried different values for the number of processes and the maximum delay in milliseconds {1..12}x{50ms..300ms/step 10ms}
My laptop has 4 cores and "Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz"
There has to be something different in my configuration. Could you provide more information on how to reproduce?
Mmmm...
This is our domain section:
[domain/pasteur_ldap_home]
ldap_tls_reqcert = allow
auth_provider = ldap
ldap_schema = rfc2307
ldap_search_base = xxxx
ldap_group_search_base = xxxx
id_provider = ldap
ldap_id_use_start_tls = True
chpass_provider = none
ldap_uri = ldap://xxxx/
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/certs
ldap_network_timeout = 3
ldap_page_size = 500
debug_level = 0x77F0
We're using the rfc2307 schema and the default ldap_group_object_class value (posixGroup). Besides that, I don't see what could explain that you can't reproduce the problem. Chris Petty is using AD hence rfc2307bis schema. So I don't know if it is relevant.
Just to be sure, did you log in as root (no sudo), stop sssd, clean up the cache, restart it (all as root without sudo), and run the script (as root)?
# (logged as root)
# /etc/init.d/sssd stop && rm -f /var/lib/sss/mc/* /var/lib/sss/db/* && /etc/init.d/sssd start
# python initgroups.py jbdenis 110 5 24 200
Sometimes I have to perform these steps multiple times to catch the problem.
Jean-Baptiste
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users