Red Hat Bugzilla – Bug 784870
SSSD fails during autodetection of search bases for new LDAP features
Last modified: 2013-05-28 16:42:35 EDT
+++ This bug was initially created as a clone of Bug #773706 +++
Created attachment 552449 [details]
Description of problem:
With sssd-1.7.0-1.fc16.i686 I'm getting expired kerberos tickets on login.
It appears to not setup the ldap server properly.
--- Additional comment from firstname.lastname@example.org on 2012-01-12 13:23:21 EST ---
The issue here is that the LDAP server in question has multiple entries for 'namingContexts' in the rootDSE, but does not have a 'defaultNamingContext' attribute to identify which is the primary.
However, this should only be necessary if there are ldap_*_search_base attributes that were not populated by the config file. In this particular user's case, the ldap_search_base option is in use, which should be sufficient.
So the correct fix here is to identify why we're caring about the inability to identify the default naming context, since we aren't using it for anything.
Thanks for the bug report.
--- Additional comment from email@example.com on 2012-01-26 07:50:51 EST ---
It is already in. We just missed it in filing errata.
need steps to verify this issue
Verified on sssd-1.8.0-32.el6.
This bug has been verified sanity only and no related regressions detected.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
No documentation required
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.