Bug 795502

Summary: sssd fails to use ldap server
Product: [Fedora] Fedora
Reporter: Orion Poplawski <orion>
Component: sssd
Assignee: Stephen Gallagher <sgallagh>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 17
CC: jhrozek, sbose, sgallagh, ssorce
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2012-02-20 13:14:44 EST
Attachments: sssd logs (flags: none)

Description Orion Poplawski 2012-02-20 13:03:31 EST
Created attachment 564492
sssd logs

Description of problem:

Fresh F17 Alpha install.  sssd cannot use the ldap server.

Most relevant error seems to be:

(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_rootdse_send] (0x4000): Getting rootdse
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [altServer]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedControl]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedExtension]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedLDAPVersion]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedSASLMechanisms]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [defaultNamingContext]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [highestCommittedUSN]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 2
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_process_result] (0x2000): Trace: sh[0x7f3a4c0e3910], connected[1], ops[0x7f3a4c0e2bb0], ldap[0x7f3a4c0d7c10]
(Mon Feb 20 11:01:25 2012) [sssd[be[default]]] [sdap_process_result] (0x0100): ldap_result gave -1, something bad happend!


On ldap (389) server:

[20/Feb/2012:10:46:35 -0700] conn=335859 fd=313 slot=313 connection from 10.10.41.12 to 10.10.10.1
[20/Feb/2012:10:46:35 -0700] conn=335859 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[20/Feb/2012:10:46:35 -0700] conn=335859 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[20/Feb/2012:10:46:35 -0700] conn=335859 SSL 256-bit AES
[20/Feb/2012:10:46:35 -0700] conn=335859 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="* altServer namingContexts supportedControl supportedExtension supportedFeatures supportedLDAPVersion supportedSASLMechanisms defaultnamingcontext lastusn highestcommittedusn aci"
[20/Feb/2012:10:46:35 -0700] conn=335859 op=2 ABANDON targetop=1 msgid=2 nentries=0 etime=0
[20/Feb/2012:10:46:35 -0700] conn=335859 op=3 UNBIND
[20/Feb/2012:10:46:35 -0700] conn=335859 op=3 fd=313 closed - U1


sssd.conf:

[domain/default]
ldap_id_use_start_tls = True
cache_credentials = True
ldap_search_base = dc=nwra,dc=com
krb5_realm = CORA.NWRA.COM
krb5_server = kerberos.cora.nwra.com
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldap://ldap.cora.nwra.com/
krb5_kpasswd = kerberos.cora.nwra.com
ldap_tls_cacertdir = /etc/openldap/cacerts
debug_level = 0xFFF0

[sssd]
services = nss, pam
config_file_version = 2
domains = default
debug_level = 0x00F0

[nss]

[pam]

[sudo]

[autofs]

[ssh]

Version-Release number of selected component (if applicable):
sssd-1.8.0-4.fc17.beta3.x86_64

Comment 1 Simo Sorce 2012-02-20 13:14:44 EST

*** This bug has been marked as a duplicate of bug 771484 ***