Red Hat Bugzilla – Bug 682850
IPA provider should use realm instead of ipa_domain for base DN
Last modified: 2015-01-04 18:46:55 EST
Description of problem:
From https://fedorahosted.org/sssd/ticket/807
See https://fedorahosted.org/freeipa/ticket/1001 and the bug linked from there.
The problem is that IPA seems to be deriving its Base DN from the Kerberos realm. SSSD derives it from IPA domain. In 99% of cases the two are the same, but there's no requirement on it, so we should use the realm, too.
Verified using: sssd-1.5.5-0.20110405T0615z.el6.x86_64

installed ipa server as -
    ipa-server-install --setup-dns --forwarder=10.14.63.12 -p Secret123 -P Secret123 -a Secret123 -r QWQW

and verified sssd.conf, and default.conf have the right entries:

sssd.conf:
section for [domain/testrelm] includes:
    krb5_realm = QWQW
    ipa_domain = testrelm
section for [domain/default] includes:
    krb5_realm = QWQW

default.conf includes:
    basedn=dc=qwqw
    realm=QWQW
    domain=testrelm
    xmlrpc_uri=https://rhel61-server5.testrelm/ipa/xml
    ldap_uri=ldapi://%2fvar%2frun%2fslapd-QWQW.socket

also verified kinit
    # kinit admin
    Password for admin@QWQW:
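The comparison behind this bug, as an added example that is not part of the original report or of SSSD's own code: it derives a base DN from krb5_realm and from ipa_domain and checks which one matches the server's basedn. The config text is constructed from the values quoted in the verification comment; the [global] section header and all function names are assumptions.

```python
import configparser

# Constructed from the values quoted in the verification comment.
# The [global] header is assumed; the comment lists only the keys.
SSSD_CONF = """\
[domain/testrelm]
krb5_realm = QWQW
ipa_domain = testrelm
"""
DEFAULT_CONF = """\
[global]
basedn=dc=qwqw
realm=QWQW
domain=testrelm
ldap_uri=ldapi://%2fvar%2frun%2fslapd-QWQW.socket
"""

def dns_to_base_dn(name):
    """Map a DNS-style name to a dc= base DN (EXAMPLE.COM -> dc=example,dc=com)."""
    labels = [label for label in name.strip().lower().split(".") if label]
    if not labels:
        raise ValueError("empty realm or domain name")
    return ",".join("dc=" + label for label in labels)

def normalize_dn(dn):
    """Lowercase and strip spaces around RDN separators for comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def _parse(text):
    # interpolation=None: ldap_uri contains %2f, and the default
    # interpolation raises on such a value when it is accessed.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser

def check_base_dn(sssd_text, default_text, section):
    """Compare both candidate derivations against the server's basedn."""
    domain = _parse(sssd_text)[section]
    server_dn = normalize_dn(_parse(default_text)["global"]["basedn"])
    from_realm = dns_to_base_dn(domain["krb5_realm"])
    from_domain = dns_to_base_dn(domain["ipa_domain"])
    return {"server_basedn": server_dn,
            "from_realm": from_realm, "from_domain": from_domain,
            "realm_matches": from_realm == server_dn,
            "domain_matches": from_domain == server_dn}

if __name__ == "__main__":
    result = check_base_dn(SSSD_CONF, DEFAULT_CONF, "domain/testrelm")
    for key, value in result.items():
        print(f"{key}: {value}")
```

With the realm QWQW and the domain testrelm, only the realm-derived DN matches the server's basedn, which is the mismatch the description refers to.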
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0560.html