Using the "Steps to verify" as given in the earlier comment, the following results are seen:

1. With ldap_sasl_canonicalize = False (default settings), lookup and auth ldap user works fine.
2. With ldap_sasl_canonicalize = True, lookup and auth fails with error "GSSAPI Error: An invalid name was supplied (Hostname cannot be canonicalized)"

Verified in version:

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 47.el5                        Build Date: Tue 13 Dec 2011 08:49:10 AM EST
Install Date: Mon 02 Jan 2012 02:03:05 AM EST      Build Host: x86-007.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-47.el5.src.rpm
Size        : 3679892                          License: GPLv3+
Signature   : DSA/SHA1, Wed 14 Dec 2011 12:17:11 PM EST, Key ID fd372689897da07a
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0164.html