Description of problem: sssd does not provide maps for automounter when AD schema (RFC2307) is being used. My config: [root@dorado3 ~]# ldbsearch -H /var/lib/sss/db/config.ldb server_sort:Unable to register control with rootdse! # record 1 dn: cn=default,cn=domain,cn=config auth_provider: krb5 autofs_provider: ldap cache_credentials: True chpass_provider: krb5 cn: default debug_level: 17 dns_discovery_domain: Prague._sites.dublin.ad.s3group.com id_provider: ldap krb5_canonicalize: False krb5_realm: DUBLIN.AD.S3GROUP.COM krb5_renew_interval: 3600 krb5_renewable_lifetime: 30d ldap_autofs_entry_key: cn ldap_autofs_entry_object_class: nisObject ldap_autofs_entry_value: nisMapEntry ldap_autofs_map_name: nisMapName ldap_autofs_map_object_class: nisMap ldap_autofs_search_base: CN=prague,CN=NIS,DC=dublin,DC=ad,DC=s3group,DC=com ldap_group_object_class: group ldap_id_use_start_tls: False ldap_sasl_authid: DORADO3$@DUBLIN.AD.S3GROUP.COM ldap_sasl_mech: GSSAPI ldap_schema: rfc2307bis ldap_search_base: dc=dublin,dc=ad,dc=s3group,dc=com ldap_tls_cacertdir: /etc/openldap/cacerts ldap_user_home_directory: unixHomeDirectory ldap_user_object_class: user distinguishedName: cn=default,cn=domain,cn=config # record 2 dn: cn=sssd,cn=config cn: sssd config_file_version: 2 debug_level: 17 domains: default services: nss, pam, autofs distinguishedName: cn=sssd,cn=config # record 3 dn: cn=config version: 2 lastUpdate: 1336729570 distinguishedName: cn=config # record 4 dn: cn=nss,cn=config cn: nss distinguishedName: cn=nss,cn=config # record 5 dn: cn=example.com,cn=domain,cn=config access_provider: ipa auth_provider: ipa cache_credentials: True chpass_provider: ipa cn: example.com id_provider: ipa ipa_domain: example.com ipa_server: _srv_, polaris.example.com distinguishedName: cn=example.com,cn=domain,cn=config # record 6 dn: cn=autofs,cn=config cn: autofs debug_level: 10 distinguishedName: cn=autofs,cn=config # record 7 dn: cn=pam,cn=config cn: pam distinguishedName: cn=pam,cn=config # returned 7 records # 7 entries # 0 referrals The sssd_default.log shows that maps were found successfully, but no maps are located in sssd cache as per: ldbsearch -H /var/lib/sss/db/cache_default.ldb '(|(objectclass=nisMap)(objectclass=nisObject))' Version-Release number of selected component (if applicable): [root@dorado3 ~]# rpm -qa | grep sss sssd-1.8.3-11.fc17.x86_64 libsss_autofs-1.8.3-11.fc17.x86_64 libsss_sudo-1.8.3-11.fc17.x86_64 sssd-client-1.8.3-11.fc17.x86_64 How reproducible: always Steps to Reproduce: 1. configure automounter to get maps from sss 2. try 'automount -m' 3. Actual results: Maps should be visible in the output Expected results: no maps are seen Additional info:
Upstream ticket: https://fedorahosted.org/sssd/ticket/1338
(In reply to comment #0) > ldbsearch -H /var/lib/sss/db/cache_default.ldb > '(|(objectclass=nisMap)(objectclass=nisObject))' > This search wouldn't return anything, because even if you override the default attributes in the SSSD config file, the SSSD internally translates them into harcoded cache attributes. What you want to run is: # ldbsearch -H /var/lib/sss/db/cache_ipaldap.ldb '(|(objectclass=automount)(objectclass=automountMap))' Also, can you include a more complete log (than the one sent privately) ? In the domain log, I'm interested in everything between "be_autofs_handler" until "be_autofs_handler_callback". That should tell us whether the back end saves the data correctly into the cache and whether we should be looking at a bug in the responder or in the back end next.
(In reply to comment #2) > # ldbsearch -H /var/lib/sss/db/cache_ipaldap.ldb Err, obviously, replace the path to a real one to your cache. Sorry.
Requested details were sent privately by mail.
Patch committed upstream. Will be built for Fedora when we release 1.8.4 next week.
sssd-1.8.4-12.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/sssd-1.8.4-12.fc17
sssd-1.8.4-12.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/sssd-1.8.4-12.fc16
Package sssd-1.8.4-12.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing sssd-1.8.4-12.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-8700/sssd-1.8.4-12.fc16 then log in and leave karma (feedback).
sssd-1.8.4-12.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
sssd-1.8.4-12.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.