Hi All,
The issue is: I'm using "authconfig --enablesssd --enablesssdauth --enablelocauthorze --update" to configure the /etc/nsswitch
The authconfig put in the entry like this : "services: files sss"
So what happens is, LDAP server is getting a lot of requests like this: *[***sanitzied fields***] filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol modifyTimestamp"*
I don't see any options that authconfig has to avoid including sss in nss services for now. So is there anything I can use on the SSSD side to filter out nss services requests ?
Thanks, Aaron
On Thu, Dec 03, 2015 at 04:05:04PM -0800, aaron wang wrote:
Hi All,
The issue is: I'm using "authconfig --enablesssd --enablesssdauth --enablelocauthorze --update" to configure the /etc/nsswitch
The authconfig put in the entry like this : "services: files sss"
So what happens is, LDAP server is getting a lot of requests like this: *[***sanitzied fields***] filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol modifyTimestamp"*
I don't see any options that authconfig has to avoid including sss in nss services for now. So is there anything I can use on the SSSD side to filter out nss services requests ?
Thanks, Aaron
There is no such option, but I think this is a very resonable request, can you open a ticket at: https://fedorahosted.org/sssd/newticket please?
On (04/12/15 09:19), Jakub Hrozek wrote:
On Thu, Dec 03, 2015 at 04:05:04PM -0800, aaron wang wrote:
Hi All,
The issue is: I'm using "authconfig --enablesssd --enablesssdauth --enablelocauthorze --update" to configure the /etc/nsswitch
The authconfig put in the entry like this : "services: files sss"
So what happens is, LDAP server is getting a lot of requests like this: *[***sanitzied fields***] filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol modifyTimestamp"*
I don't see any options that authconfig has to avoid including sss in nss services for now. So is there anything I can use on the SSSD side to filter out nss services requests ?
Thanks, Aaron
There is no such option, but I think this is a very resonable request, can you open a ticket at: https://fedorahosted.org/sssd/newticket please?
I think it should be a RFE for authconfig and not sssd.
LS
Hi Jakub,
I will open a ticket for adding the option in [nss] section.
But as for now, is there any option in [domain] section I may use to filter this ?
Thanks, Aaron
On Fri, Dec 4, 2015 at 1:56 AM, Lukas Slebodnik lslebodn@redhat.com wrote:
On (04/12/15 09:19), Jakub Hrozek wrote:
On Thu, Dec 03, 2015 at 04:05:04PM -0800, aaron wang wrote:
Hi All,
The issue is: I'm using "authconfig --enablesssd --enablesssdauth --enablelocauthorze --update" to configure the /etc/nsswitch
The authconfig put in the entry like this : "services: files sss"
So what happens is, LDAP server is getting a lot of requests like this: *[***sanitzied fields***] filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol modifyTimestamp"*
I don't see any options that authconfig has to avoid including sss in
nss
services for now. So is there anything I can use on the SSSD side to
filter
out nss services requests ?
Thanks, Aaron
There is no such option, but I think this is a very resonable request, can you open a ticket at: https://fedorahosted.org/sssd/newticket please?
I think it should be a RFE for authconfig and not sssd.
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
Hi Lucas,
I will file a RFE for authconfig as well. Do you know where is the best place (or mailing list) to get the attention from authconfig guys ?
Thanks, Aaron
On Fri, Dec 4, 2015 at 1:56 AM, Lukas Slebodnik lslebodn@redhat.com wrote:
On (04/12/15 09:19), Jakub Hrozek wrote:
On Thu, Dec 03, 2015 at 04:05:04PM -0800, aaron wang wrote:
Hi All,
The issue is: I'm using "authconfig --enablesssd --enablesssdauth --enablelocauthorze --update" to configure the /etc/nsswitch
The authconfig put in the entry like this : "services: files sss"
So what happens is, LDAP server is getting a lot of requests like this: *[***sanitzied fields***] filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol modifyTimestamp"*
I don't see any options that authconfig has to avoid including sss in
nss
services for now. So is there anything I can use on the SSSD side to
filter
out nss services requests ?
Thanks, Aaron
There is no such option, but I think this is a very resonable request, can you open a ticket at: https://fedorahosted.org/sssd/newticket please?
I think it should be a RFE for authconfig and not sssd.
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
On Fri, Dec 04, 2015 at 02:27:17AM -0800, aaron wang wrote:
Hi Jakub,
I will open a ticket for adding the option in [nss] section.
But as for now, is there any option in [domain] section I may use to filter this ?
You can remove 'sss' from the 'services' line in nsswitch.conf
Thanks, Aaron
On Fri, Dec 4, 2015 at 1:56 AM, Lukas Slebodnik lslebodn@redhat.com wrote:
On (04/12/15 09:19), Jakub Hrozek wrote:
On Thu, Dec 03, 2015 at 04:05:04PM -0800, aaron wang wrote:
Hi All,
The issue is: I'm using "authconfig --enablesssd --enablesssdauth --enablelocauthorze --update" to configure the /etc/nsswitch
The authconfig put in the entry like this : "services: files sss"
So what happens is, LDAP server is getting a lot of requests like this: *[***sanitzied fields***] filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol modifyTimestamp"*
I don't see any options that authconfig has to avoid including sss in
nss
services for now. So is there anything I can use on the SSSD side to
filter
out nss services requests ?
Thanks, Aaron
There is no such option, but I think this is a very resonable request, can you open a ticket at: https://fedorahosted.org/sssd/newticket please?
I think it should be a RFE for authconfig and not sssd.
LS _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
On (04/12/15 02:30), aaron wang wrote:
Hi Lucas,
I will file a RFE for authconfig as well. Do you know where is the best place (or mailing list) to get the attention from authconfig guys ?
I ask authconfig developer and he recommend to file a bugzilla ticket https://bugzilla.redhat.com/ to authconfig.
But he also mention he does not have a lot of free resources for authconfig.
So the simplest workaround might be to manually remove sss for services in /etc/nsswitch.conf
LS
On Fri, Dec 04, 2015 at 10:56:26AM +0100, Lukas Slebodnik wrote:
On (04/12/15 09:19), Jakub Hrozek wrote:
On Thu, Dec 03, 2015 at 04:05:04PM -0800, aaron wang wrote:
Hi All,
The issue is: I'm using "authconfig --enablesssd --enablesssdauth --enablelocauthorze --update" to configure the /etc/nsswitch
The authconfig put in the entry like this : "services: files sss"
So what happens is, LDAP server is getting a lot of requests like this: *[***sanitzied fields***] filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))" attrs="objectClass cn ipServicePort ipServiceProtocol modifyTimestamp"*
I don't see any options that authconfig has to avoid including sss in nss services for now. So is there anything I can use on the SSSD side to filter out nss services requests ?
Thanks, Aaron
There is no such option, but I think this is a very resonable request, can you open a ticket at: https://fedorahosted.org/sssd/newticket please?
I think it should be a RFE for authconfig and not sssd.
LS
Yes, but I still think a ticket for filter_services would be valid (not urgent, though, most users would be OK with removing sss from services).
sssd-users@lists.fedorahosted.org