使sssd尊重可接受目录嵌套组
使sssd尊重可接受目录嵌套组
提问于 2015-01-27 13:44:01
我设法使sssd正常工作,getent passwd *username*和getent group还返回AD数据。我现在面临中嵌套组的问题。
在AD中,我拥有整个部门的超级团队。这个组的成员是用户。
Department group: CN=123 - DepartmentName,OU=departments,OU=SecurityGroups,DC=company,DC=country
member CN=Benny Bob,OU=123 - DepartmentName,OU=other,OU=info,DC=company,DC=country
member CN=Billy Bob,OU=123 - DepartmentName,OU=other,OU=info,DC=company,DC=country
memberOf CN=RepositoryAuthorization,OU=Roles,OU=SecurityGroups,DC=company,DC=country我也有一些用户,例如:
User : CN=Benny Bob,OU=xxx - DepartmentName,OU=other,OU=info,DC=company,DC=country
memberOf CN=xxx - DepartmentName,OU=departments,OU=SecurityGroups,DC=company,DC=country (The department group)
memberOf CN=ServerAuthorization,OU=Roles,OU=SecurityGroups,DC=company,DC=country当我调用getent group | grep ServerAuthorization时,用户(直接链接到组)显示得很好。但是,当我调用getent group | grep RepositoryAuthorization时,它们被显示为没有成员。RepositoryAuthorization是部门组的成员,用户是该组的成员。所以它是一个嵌套的组。
我认为这是我的sssd设置的一个问题。编辑:这似乎不是嵌套方向的问题。似乎某些组根本没有被SSSD检索。
OU=Roles,OU=Security Groups....中的所有组都由getent group返回。然而,OU=Departments,OU=Security Groups....中的组不是。
设置为ldap_group_search_base = OU=Security Groups...和“ldap_group_nesting_level=100”
这是getent group调用(Loglevel 7)的日志,我对此特别感兴趣:
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x0080): ldap_search_ext failed: Bad search filter
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [1432158235]: Malformed search filter
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158235,Init group lookup failed全日志:
(Tue Jan 27 15:58:15 2015) [sssd[be[Company.dk]]] [be_get_account_info] (0x0100): Got request for [4098][1][*]
(Tue Jan 27 15:58:15 2015) [sssd[be[Company.dk]]] [be_req_set_domain] (0x0400): Changing request domain from [Company.dk] to [Company.dk]
(Tue Jan 27 15:58:15 2015) [sssd[be[Company.dk]]] [sdap_handle_acct_req_send] (0x1000): Skipping group enumeration on demand
(Tue Jan 27 15:58:15 2015) [sssd[be[Company.dk]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=localUser]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [be_req_set_domain] (0x0400): Changing request domain from [Company.dk] to [Company.dk]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [ou=Users,ou=Company,dc=Company,dc=dk]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=localUser)(objectclass=user)((null)=*))][ou=Users,ou=Company,dc=Company,dc=dk].
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [displayName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x0080): ldap_search_ext failed: Bad search filter
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [1432158235]: Malformed search filter
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158235,Init group lookup failed
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=localUser]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [be_req_set_domain] (0x0400): Changing request domain from [Company.dk] to [Company.dk]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [ou=Users,ou=Company,dc=Company,dc=dk]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=localUser)(objectclass=user)((null)=*))][ou=Users,ou=Company,dc=Company,dc=dk].
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [displayName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x0080): ldap_search_ext failed: Bad search filter
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [1432158235]: Malformed search filter
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158235,Init group lookup failed
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=localUser]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [be_req_set_domain] (0x0400): Changing request domain from [Company.dk] to [Company.dk]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [ou=Users,ou=Company,dc=Company,dc=dk]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=localUser)(objectclass=user)((null)=*))][ou=Users,ou=Company,dc=Company,dc=dk].
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [displayName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x0080): ldap_search_ext failed: Bad search filter
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [1432158235]: Malformed search filter
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158235,Init group lookup failed
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [be_get_account_info] (0x0100): Got request for [4099][1][name=localUser]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [be_req_set_domain] (0x0400): Changing request domain from [Company.dk] to [Company.dk]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [ou=Users,ou=Company,dc=Company,dc=dk]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(sAMAccountName=localUser)(objectclass=user)((null)=*))][ou=Users,ou=Company,dc=Company,dc=dk].
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sAMAccountName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [unixHomeDirectory]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPrincipalName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [displayName]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uSNChanged]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap]
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_ext_step] (0x0080): ldap_search_ext failed: Bad search filter
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [1432158235]: Malformed search filter
(Tue Jan 27 15:58:25 2015) [sssd[be[Company.dk]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158235,Init group lookup failed回答 2
Server Fault用户
回答已采纳
发布于 2015-01-27 15:08:11
再看看我在sssd.conf上给你的喘息的SSSD-AD问题给你的StackExchange。您需要ldap_group_nesting_level = 5条目来启用嵌套组。
Server Fault用户
发布于 2015-01-28 14:01:37
根据日志,SSSD还抱怨一个格式错误的过滤器:(&(sAMAccountName=localUser)(objectclass=user)((null)=*))
看起来您使用的是ID映射和LDAP (而不是AD)提供程序,在这种情况下,您需要配置ldap_user_objectsid值:
ldap_user_objectsid = objectSid
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/662700
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号