Bug 984285

Summary: sssd-ad doesn't enumerate users
Product: [Fedora] Fedora
Reporter: Colin.Simpson
Component: sssd
Assignee: Jakub Hrozek <jhrozek>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: 19
CC: jhrozek, lslebodn, okos, pbrezina, sbose, sgallagh, ssorce
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-07-15 10:15:39 UTC
Type: Bug

Description Colin.Simpson 2013-07-14 13:35:27 UTC
Description of problem:

When I try to run "getent passwd" or "getent group" I just see the local users (or groups). This is despite having "enumeration = True" set. 

The users all look up correctly if I specify individual names on the getent command line. Everything seems okay apart from the lack of enumeration of the users (can login correctly etc).

Prepared to admit something might be wrong in my setup but don't know what.

Version-Release number of selected component (if applicable):

sssd-ad-1.10.0-16.fc19.x86_64

How reproducible:

All the time

Steps to Reproduce:
1. Joined domain with realm command.
2. Set for my needs "ldap_id_mapping = False" and "ldap_id_mapping = False"
3. Also have an "override_homedir = /home/%u" 
4. getent passwd shows only local users. getent group shows only local groups.


Actual results:
Local User list (and local group list for that group query)

Expected results:
Complete list of local & domain users. (and groups for group query)

Additional info:

Tried running with "/usr/sbin/sssd -i -d 0xFFF0" for debug. Couldn't spot very much except it says:

(Sun Jul 14 12:50:41 2013) [sssd[pam]] [confdb_get_domain_internal] (0x0400): No enumeration for [iongeo.lan]!

My sssd.conf file consists of

[sssd]
domains = iongeo.lan
config_file_version = 2
services = nss, pam

[nss]
default_shell = /bin/bash

[domain/iongeo.lan]
enumeration = True
override_homedir = /home/%u
ad_domain = iongeo.lan
krb5_realm = IONGEO.LAN
realmd_tags = manages-system
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
ldap_id_mapping = False
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad

Comment 1 Colin.Simpson 2013-07-14 13:37:59 UTC
Typo, I meant my main changes from the realmd auto setup were:

ldap_id_mapping = False
use_fully_qualified_names = False
override_homedir = /home/%u

Comment 2 Lukas Slebodnik 2013-07-15 07:30:53 UTC
man sssd.conf
     enumerate (bool)
           Determines if a domain can be enumerated. 

Did you add "enumeration = True" alone? You did not mention it in "comment 1".
Where did you find an option "enumeration"?

Comment 3 Colin.Simpson 2013-07-15 08:15:18 UTC
You mean beyond "enumeration = True" I had in my sssd.conf under the "[domain/iongeo.lan]" line?

Or maybe something I'm not getting.

Comment 4 Pavel Březina 2013-07-15 08:27:38 UTC
Hello,
"enumeration" is an invalid option name. The correct option you want to use is "enumerate". Simply change "enumeration = True" to "enumerate = True" and the enumeration should work.

Comment 5 Colin.Simpson 2013-07-15 09:39:48 UTC
Doh!

Sorry about the extra noise, that indeed has made it work properly.

Comment 6 Pavel Březina 2013-07-15 10:15:39 UTC
You're welcome. Closing as not a bug.
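
The root cause in this report, an unrecognised option name in a [domain/...] section that did not stop SSSD from starting, can be caught with a key check like the following. This is an added example, not part of the original thread or SSSD's own code; the allowlist KNOWN_DOMAIN_OPTIONS and the function name unknown_domain_options are assumptions, and the sample input is an abridged copy of the reporter's configuration.

```python
import configparser
import difflib

# Assumption: a small, partial allowlist of option names taken from
# sssd.conf(5), sssd-ad(5), sssd-ldap(5) and sssd-krb5(5); extend for real use.
KNOWN_DOMAIN_OPTIONS = {
    "enumerate", "override_homedir", "fallback_homedir", "ad_domain",
    "krb5_realm", "realmd_tags", "cache_credentials", "id_provider",
    "access_provider", "auth_provider", "chpass_provider",
    "krb5_store_password_if_offline", "ldap_id_mapping",
    "use_fully_qualified_names",
}

# Abridged copy of the configuration from the report, used as sample input.
SAMPLE_CONF = """\
[sssd]
domains = iongeo.lan
config_file_version = 2
services = nss, pam

[domain/iongeo.lan]
enumeration = True
override_homedir = /home/%u
id_provider = ad
ldap_id_mapping = False
use_fully_qualified_names = False
access_provider = ad
"""

def unknown_domain_options(conf_text, known=KNOWN_DOMAIN_OPTIONS):
    """Return [(section, option, suggestion_or_None)] for unrecognised keys."""
    # interpolation=None so values such as /home/%u are not treated as templates
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        for option in parser[section]:
            if option not in known:
                # Suggest the closest known name, e.g. a near-miss spelling
                close = difflib.get_close_matches(option, sorted(known), n=1)
                findings.append((section, option, close[0] if close else None))
    return findings

if __name__ == "__main__":
    for section, option, hint in unknown_domain_options(SAMPLE_CONF):
        print(f"[{section}] unknown option '{option}'; did you mean '{hint}'?")
```

Later SSSD releases ship "sssctl config-check", which reports unrecognised options directly.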