SSSD and LDAP: no uid provided for user
I have been trying to integrate sssd with LDAP. We use OUD in our environment.
A user whose uid contains 12 characters cannot connect to the server, which results in an error in the log: no uid provided...
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_get_primary_name]
(0x0400): Processing object 820115302022
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400):
Processing user 820115302022@ldap
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no
uid provided for [820115302022@ldap] in domain [LDAP].
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020):
Failed to save user [820115302022@ldap]
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_users] (0x0040):
Failed to store user 0. Ignoring.
So I created a new user with fewer characters in its uid, for example 5, which is uid=32001. This user connects successfully.
I have searched for whether there are any limits on the length of the uid that users can have when using sssd, but I have not found an answer so far. Does anyone know what causes this error and how I can solve it?
1 answer
The directory server we use is OUD (Oracle Unified Directory), and the uid and gid used are attributes in the posixAccount and posixGroup object classes. We also tested other users, and the problem occurs when a user has more than 11 characters in their identifier. Here is the log for a user who has 11 characters and cannot log in.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_get_account_info_handler]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_attach_req] (0x0400): DP
Request [Account #82]: New request. Flags [0x0001].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_attach_req] (0x0400): Number
of active DP request: 1
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_search_user_next_base]
(0x0400): Searching for users with base [cn=users,dc=mzsr,dc=kz]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x0400): calling ldap_search_ext with [(&(uid=32000000001)
(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))]
[cn=users,dc=mzsr,dc=kz].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [objectClass]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [uid]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [userPassword]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [uidNumber]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [gidNumber]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [gecos]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [homeDirectory]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [loginShell]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [krbPrincipalName]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [cn]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [modifyTimestamp]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [modifyTimestamp]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowLastChange]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowMin]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowMax]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowWarning]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowInactive]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowExpire]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowFlag]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [krbLastPwdChange]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [krbPasswordExpiration]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [pwdAttribute]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [authorizedService]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [accountExpires]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [userAccountControl]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [nsAccountLock]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [host]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [loginDisabled]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [loginExpirationTime]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [loginAllowedTimeMap]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [sshPublicKey]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [mail]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_parse_entry] (0x1000):
OriginalDN: [uid=32000000001,cn=users,dc=mzsr,dc=kz].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_op_finished]
(0x0400): Search result: Success(0), no errmsg set
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_search_user_process]
(0x0400): Search for users, returned 1 results.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400): Save
user
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_attrs_get_sid_str]
(0x1000): No [objectSID] attribute. [0][Success]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_primary_name]
(0x0400): Processing object 32000000001
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400):
Processing user 32000000001@ldap
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no
uid provided for [32000000001@ldap] in domain [LDAP].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020):
Failed to save user [32000000001@ldap]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_users] (0x0040):
Failed to store user 0. Ignoring.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_done] (0x0400): DP
Request [Account #82]: Request handler finished [0]: Success
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [_dp_req_recv] (0x0400): DP
Request [Account #82]: Receiving request data.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_reply_list_success]
(0x0400): DP Request [Account #82]: Finished. Success.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_reply_std] (0x1000): DP
Request [Account #82]: Returning [Success]: 0,0,Success
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_table_value_destructor]
(0x0400): Removing [0:1:0x0001:1:1::LDAP:name=32000000001@ldap] from reply
table
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_destructor] (0x0400): DP
Request [Account #82]: Request removed.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_destructor] (0x0400):
Number of active DP request: 0
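
Added example, not part of the original posts: to check the length observation against a full backend log, the wrapped records can be re-joined and the sdap_save_user outcome listed per user together with the name length. The sample lines are constructed in the same format as the excerpts above, the function names are hypothetical, and the timestamp pattern assumes the log format shown on this page.

```python
import re

# Constructed sample, wrapped the same way as the log excerpts in the posts.
SAMPLE = """\
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400):
Processing user 820115302022@ldap
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no
uid provided for [820115302022@ldap] in domain [LDAP].
(Thu May 18 10:47:24 2017) [sssd[be[LDAP]]] [sdap_get_primary_name]
(0x0400): Processing object 32001
(Thu May 18 10:47:24 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400):
Processing user 32001@ldap
"""

# A record starts with a timestamp; a wrapped line may start with "(0x0400):",
# so an opening parenthesis alone is not enough to detect a new record.
START = re.compile(r"^\(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\) \[sssd")
RECORD = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<proc>sssd\S*)\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-f]{4})\): (?P<msg>.*)$")
PROCESSING = re.compile(r"^Processing user (?P<name>[^@\s]+)@")
NO_UID = re.compile(r"^no uid provided for \[(?P<name>[^@\]]+)@")

def unwrap(text):
    """Join wrapped continuation lines back into one string per log record."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def save_outcomes(text):
    """Map each user seen by sdap_save_user to its name length and outcome."""
    users = {}
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m or m["func"] != "sdap_save_user":
            continue  # other functions and truncated records are skipped
        hit = PROCESSING.match(m["msg"]) or NO_UID.match(m["msg"])
        if hit:
            info = users.setdefault(
                hit["name"], {"length": len(hit["name"]), "no_uid": False})
            if m["msg"].startswith("no uid provided"):
                info["no_uid"] = True
    return users

if __name__ == "__main__":
    for name, info in save_outcomes(SAMPLE).items():
        print(name, info)
```
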