Bug 984285 - sssd-ad doesn't enumerate users
sssd-ad doesn't enumerate users
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: sssd (Show other bugs)
19
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Jakub Hrozek
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-14 09:35 EDT by Colin.Simpson
Modified: 2013-07-15 06:15 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-15 06:15:39 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Colin.Simpson 2013-07-14 09:35:27 EDT
Description of problem:

When I try to run "getent passwd" or "getent group" I just see the local users (or groups). This is despite having "enumeration = True" set. 

The users all look up correctly if I specify individual names on the getent command line. Everything seems okay apart from the lack of enumeration of the users (can login correctly etc).

Prepared to admit something might be wrong in my setup but don't know what.

Version-Release number of selected component (if applicable):

sssd-ad-1.10.0-16.fc19.x86_64

How reproducible:

All the time

Steps to Reproduce:
1. Joined domain with realm command.
2. Set for my needs "ldap_id_mapping = False" and "ldap_id_mapping = False"
3. Also have an "override_homedir = /home/%u" 
4. getent passwd shows only local users. getent group shows only local groups.


Actual results:
Local User list (and local group list for that group query)

Expected results:
Complete list of local & domain users. (and groups for group query)

Additional info:

Tried running with "/usr/sbin/sssd -i -d 0xFFF0" for debug. Couldn't spot very much except it says:

(Sun Jul 14 12:50:41 2013) [sssd[pam]] [confdb_get_domain_internal] (0x0400): No enumeration for [iongeo.lan]!

My sssd.conf file consists of

sssd]
domains = iongeo.lan
config_file_version = 2
services = nss, pam

[nss]
default_shell = /bin/bash

[domain/iongeo.lan]
enumeration = True
override_homedir = /home/%u
ad_domain = iongeo.lan
krb5_realm = IONGEO.LAN
realmd_tags = manages-system
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
ldap_id_mapping = False
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad
Comment 1 Colin.Simpson 2013-07-14 09:37:59 EDT
Typo, I meant my main changes from the realmd auto setup were:

ldap_id_mapping = False
use_fully_qualified_names = False
override_homedir = /home/%u
Comment 2 Lukas Slebodnik 2013-07-15 03:30:53 EDT
man sssd.conf
     enumerate (bool)
           Determines if a domain can be enumerated. 

Did you add "enumeration = True" alone? You did not mention it in "comment 1".
Where did you find an option enumeration.
Comment 3 Colin.Simpson 2013-07-15 04:15:18 EDT
You mean beyond "enumeration = True" I had in my sssd.conf under the "[domain/iongeo.lan]" line?

Or maybe something I'm not getting.
Comment 4 Pavel Březina 2013-07-15 04:27:38 EDT
Hello,
"enumeration" is invalid option name. The correct option you want to use is "enumerate". Simply change "enumeration = True" to "enumerate = True" and the enumeration should work.
Comment 5 Colin.Simpson 2013-07-15 05:39:48 EDT
Doh!

Sorry about the extra noise, that indeed has made it work properly.
Comment 6 Pavel Březina 2013-07-15 06:15:39 EDT
You're welcome. Closing as not a bug.

Note You need to log in before you can comment on or make changes to this bug.