https://bugzilla.redhat.com/show_bug.cgi?id=818642 (Red Hat Enterprise Linux 6)
Description of problem:
Auth fails for user with non-default attribute names

Version-Release number of selected component (if applicable):
1.8.0-25

How reproducible:
Always

Steps to Reproduce:
1. Setup openldap server with non-default attributes.

2. Add a user, group with non-default attributes:

    dn: uid=nd_user1,dc=example,dc=com
    objectClass: account
    objectClass: posixAccount1
    cn1: nd_user1
    uid1: nd_user1
    uidNumber1: 12321
    gidNumber1: 12321
    homeDirectory1: /home/nd_user1
    loginShell1: /bin/bash
    gecos1: NONDEFAULT USER1
    userPassword: Secret123

    dn: cn=nd_user1_grp1,dc=example,dc=com
    gidNumber1: 12321
    cn1: nd_user1_grp1
    objectClass: posixGroup1
    objectClass: extensibleObject
    memberUid1: nd_user1

3. Setup sssd.conf domain section as follows:

    [domain/LDAP]
    id_provider = ldap
    ldap_uri = ldap://ldapsrv.example.com
    ldap_search_base = dc=example,dc=com
    debug_level = 0xFFF0
    ldap_tls_cacert = /etc/openldap/certs/server.pem
    ldap_user_object_class = posixAccount1
    ldap_user_name = uid1
    ldap_user_uid_number = uidNumber1
    ldap_user_gid_number = gidNumber1
    ldap_user_gecos = gecos1
    ldap_user_home_directory = homeDirectory1
    ldap_user_shell = loginShell1
    ldap_group_object_class = posixGroup1
    ldap_group_gid_number = gidNumber1
    ldap_group_member = memberUid1

4. Lookup user and group:

    # getent -s sss passwd nd_user1
    nd_user1:*:12321:12321:NONDEFAULT USER1:/home/nd_user1:/bin/bash
    # getent -s sss group nd_user1_grp1
    nd_user1_grp1:*:12321:nd_user1
    # id nd_user1
    uid=12321(nd_user1) gid=12321(nd_user1_grp1) groups=12321(nd_user1_grp1)

5. Try to auth as the user

    # ssh -l nd_user1 localhost
    nd_user1@localhost's password:
    Permission denied, please try again.
    nd_user1@localhost's password:

Actual results:
Auth fails

Expected results:
Auth should succeed

Additional info:
1. /var/log/sssd/sssd_LDAP.log shows:

    (Thu May 3 19:56:22 2012) [sssd[be[LDAP]]] [sdap_save_users] (0x4000): User 0 processed!
    (Thu May 3 19:56:22 2012) [sssd[be[LDAP]]] [sdap_check_aliases] (0x2000): Could not get UID
    (Thu May 3 19:56:22 2012) [sssd[be[LDAP]]] [sdap_save_users] (0x0040): Failed to check aliases for user 0. Ignoring.
    (Thu May 3 19:56:22 2012) [sssd[be[LDAP]]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
    (Thu May 3 19:56:22 2012) [sssd[be[LDAP]]] [sdap_get_users_process] (0x4000): Saving 1 Users - Done

2. /var/log/secure shows:

    May 3 19:55:22 dhcp201-132 sshd[8533]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=nd_user1
    May 3 19:55:22 dhcp201-132 sshd[8533]: pam_sss(sshd:auth): received for user nd_user1: 10 (User not known to the underlying authentication module)
    May 3 19:55:24 dhcp201-132 sshd[8533]: Failed password for nd_user1 from ::1 port 48696 ssh2
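A triage helper for the condition this report describes, as an added example that is not part of the original ticket or of SSSD: it lists the attribute maps in a domain section that differ from the rfc2307 defaults and pulls the alias-check errors out of the backend log. The default values are taken from sssd-ldap(5) as an assumption, the function names and the shortened sample config are constructed, and the log lines are the ones quoted in the report.

```python
import configparser
import re

# rfc2307 defaults as documented in sssd-ldap(5) (assumed here, not from the ticket).
DEFAULTS = {
    "ldap_user_object_class": "posixAccount", "ldap_user_name": "uid",
    "ldap_user_uid_number": "uidNumber", "ldap_user_gid_number": "gidNumber",
    "ldap_user_gecos": "gecos", "ldap_user_home_directory": "homeDirectory",
    "ldap_user_shell": "loginShell", "ldap_group_object_class": "posixGroup",
    "ldap_group_gid_number": "gidNumber", "ldap_group_member": "memberuid",
}
# Backend log shape quoted in the report: (time) [sssd[be[DOMAIN]]] [function] (level): message
LOG_RE = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<dom>[^\]]+)\]\]\] "
                    r"\[(?P<fn>\w+)\] \((?P<lvl>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")

def remapped_attributes(conf_text, domain):
    """Return {option: value} for attribute maps that differ from the defaults."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    section = cp["domain/" + domain]
    # LDAP attribute names are case-insensitive, so compare lowercased.
    return {k: v for k, v in section.items()
            if k in DEFAULTS and v.lower() != DEFAULTS[k].lower()}

def alias_check_failures(log_text, domain):
    """Return (timestamp, function, message) for the alias-check errors seen in the report."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m or m["dom"] != domain:
            continue
        if m["msg"] == "Could not get UID" or m["msg"].startswith("Failed to check aliases"):
            hits.append((m["ts"], m["fn"], m["msg"]))
    return hits

# Constructed sample: a shortened version of the domain section from the report.
SAMPLE_CONF = """\
[domain/LDAP]
id_provider = ldap
ldap_user_name = uid1
ldap_user_uid_number = uidNumber1
ldap_group_member = memberUid1
"""
# Log lines as quoted in the report.
SAMPLE_LOG = """\
(Thu May 3 19:56:22 2012) [sssd[be[LDAP]]] [sdap_save_users] (0x4000): User 0 processed!
(Thu May 3 19:56:22 2012) [sssd[be[LDAP]]] [sdap_check_aliases] (0x2000): Could not get UID
(Thu May 3 19:56:22 2012) [sssd[be[LDAP]]] [sdap_save_users] (0x0040): Failed to check aliases for user 0. Ignoring.
"""
```
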
Fields changed
blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
keywords: => Regression
milestone: NEEDS_TRIAGE => SSSD 1.8.3 (LTM)
owner: somebody => jhrozek
priority: major => blocker
tests: => 0
testsupdated: => 0
upgrade: => 0

patch: 0 => 1
status: new => assigned

Fixed by:
- dbdf691 (master)
- 71107a6 (sssd-1-8)

resolution: => fixed
status: assigned => closed

Metadata Update from @sgallagh:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.8.3 (LTM)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2362
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.