Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=825837 (Red Hat Enterprise Linux 6)
Description of problem: When sssd.conf is configured with ldap_sasl_minssf = 999 (high values), user lookups via sssd should display error message. An "Unknown authentication method" error message should be logged in sssd domain log file which is not happening s390x and ppc64 architectures. However, user lookups using ldapsearch command displays proper error message. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Setup sssd client as given below: [sssd] config_file_version = 2 sbus_timeout = 30 services = nss, pam domains = LDAP-KRB5 [nss] filter_groups = root filter_users = root debug_level=0xFFF0 [pam] [domain/LDAP-KRB5] debug_level=0xFFF0 id_provider = ldap ldap_uri = ldap://URI ldap_search_base = dc=example,dc=com auth_provider = krb5 krb5_server = <KRB-SERVER> krb5_realm = EXAMPLE.COM ldap_sasl_mech = GSSAPI ldap_sasl_authid = host/<client> ldap_sasl_minssf=999 2. Clear the cache and restart SSSD service 3. Verify if ldap user lookup works fine without any error by running the below command: # id ldapuser uid=1001(ldapuser) gid=1001 groups=1001 4. Now, run ldapsearch against the same user, as given below: # ldapsearch -Y GSSAPI -h <ldap-server> -b "dc=example,dc=com" -O minssf=999 uid=ldapuser ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: No worthy mechs found Actual results: Following error message is not logged in the sssd_DOMAIN.log file: "ldap_sasl_bind failed (-6)[Unknown authentication method]" At the same time, ldapsearch command displays appropriate error message for the same user. Expected results: Appropriate error message in the sssd_DOMAIN.log file.
Fields changed
blockedby: => blocking: => coverity: => feature_milestone: => patch: 0 => 1 tests: => 0 testsupdated: => 0 upgrade: => 0
Patch is on list, can be moved to beta 5, due today.
milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 5
master: bc76428
resolution: => fixed status: new => closed
Metadata Update from @sgallagh: - Issue marked as blocked by: #1423 - Issue set to the milestone: SSSD 1.9.0 beta 5
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2464
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.