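SSSD and LDAP: no uid provided for user

Time: 2017-05-30 13:46:15

Tags: ldap sssd

I have been trying to integrate sssd with LDAP. We use OUD in our environment.

Users whose uid contains 12 characters cannot connect to the server, which results in the log error: no uid provided ...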

(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_get_primary_name] 
(0x0400): Processing object 820115302022
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400): 
Processing user 820115302022@ldap
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no 
uid provided for [820115302022@ldap] in domain [LDAP].
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): 
Failed to save user [820115302022@ldap]
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_users] (0x0040): 
Failed to store user 0. Ignoring.

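So I created a new user with, for example, 5 characters in its uid, uid = 32001. This user connected successfully.

I have been looking for a limit on the length of the uid a user can have when using sssd, but I still have not found an answer. Does anyone know what causes this error and how I can fix it?

1 Answer:

Answer 0: (score: 0)

The directory server we use is OUD (Oracle Unified Directory), and the uid and gid used are attributes in the posixAccount and posixGroup object classes. We also tested other users, and the problem occurs when a user has more than 11 characters in its uid. Below is the log for a user that has 11 characters and cannot log in.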

(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_get_account_info_handler] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_attach_req] (0x0400): DP 
Request [Account #82]: New request. Flags [0x0001].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_attach_req] (0x0400): Number 
of active DP request: 1
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_search_user_next_base] 
(0x0400): Searching for users with base [cn=users,dc=mzsr,dc=kz]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x0400): calling ldap_search_ext with [(&(uid=32000000001)
(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))]
[cn=users,dc=mzsr,dc=kz].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [objectClass]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [uid]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [userPassword]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [uidNumber]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [gidNumber]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [gecos]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [homeDirectory]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [loginShell]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [krbPrincipalName]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [cn]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [modifyTimestamp]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [modifyTimestamp]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowLastChange]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowMin]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowMax]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowWarning]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowInactive]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowExpire]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowFlag]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [krbLastPwdChange]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [krbPasswordExpiration]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [pwdAttribute]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [authorizedService]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [accountExpires]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [userAccountControl]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [nsAccountLock]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [host]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]  
(0x1000): Requesting attrs: [loginDisabled]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [loginExpirationTime]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [loginAllowedTimeMap]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [sshPublicKey]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [mail]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_parse_entry] (0x1000): 
OriginalDN: [uid=32000000001,cn=users,dc=mzsr,dc=kz].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_op_finished] 
(0x0400): Search result: Success(0), no errmsg set
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_search_user_process] 
(0x0400): Search for users, returned 1 results.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400): Save 
user
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_attrs_get_sid_str] 
(0x1000): No [objectSID] attribute. [0][Success]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_primary_name] 
(0x0400): Processing object 32000000001
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400): 
Processing user 32000000001@ldap
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no 
uid provided for [32000000001@ldap] in domain [LDAP].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): 
Failed to save user [32000000001@ldap]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_users] (0x0040): 
Failed to store user 0. Ignoring.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_done] (0x0400): DP 
Request [Account #82]: Request handler finished [0]: Success
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [_dp_req_recv] (0x0400): DP 
Request [Account #82]: Receiving request data.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_reply_list_success] 
(0x0400): DP Request [Account #82]: Finished. Success.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_reply_std] (0x1000): DP 
Request [Account #82]: Returning [Success]: 0,0,Success
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_table_value_destructor] 
(0x0400): Removing [0:1:0x0001:1:1::LDAP:name=32000000001@ldap] from reply 
table
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_destructor] (0x0400): DP 
Request [Account #82]: Request removed.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_destructor] (0x0400): 
Number of active DP request: 0
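
An added triage example, not part of the original post or of SSSD: it rejoins wrapped debug-log lines in the format shown above and lists every user rejected with "no uid provided". The sample log is constructed, and the range check assumes the numeric login name is also the entry's uidNumber, which the page does not confirm; Linux uid_t is an unsigned 32-bit integer (maximum 4294967295).

```python
import re

UID_T_MAX = 2**32 - 1  # Linux uid_t is an unsigned 32-bit integer

# Constructed sample in the wrapped log format shown on this page.
SAMPLE_LOG = """\
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400):
Processing user 32000000001@ldap
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no
uid provided for [32000000001@ldap] in domain [LDAP].
(Wed May 31 09:00:09 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400):
Processing user 32001@ldap
(Wed May 31 09:00:10 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no
uid provided for [jdoe@ldap] in domain [LDAP].
"""

# A record starts with "(Day Mon DD HH:MM:SS YYYY) [sssd"; anything else is a wrap.
RECORD_START = re.compile(r"^\(\w{3} \w{3} [ \d]?\d \d\d:\d\d:\d\d \d{4}\) \[sssd")
NO_UID = re.compile(
    r"\[sdap_save_user\] \(0x[0-9a-f]+\): no uid provided for "
    r"\[([^\]@]+)@[^\]]+\] in domain \[([^\]]+)\]")

def unwrap(text):
    """Join wrapped continuation lines back into one record per log entry."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Return (name, domain, verdict) for each 'no uid provided' record."""
    findings = []
    for rec in unwrap(text):
        m = NO_UID.search(rec)
        if not m:
            continue
        name, domain = m.groups()
        # Assumption: a numeric login name is reused as uidNumber in the directory.
        if name.isdigit() and int(name) > UID_T_MAX:
            verdict = "numeric name exceeds 32-bit uid_t; compare uidNumber"
        else:
            verdict = "inspect uidNumber on the LDAP entry"
        findings.append((name, domain, verdict))
    return findings
```

Run `triage()` over the domain log text to get the rejected accounts, then compare each entry's uidNumber in the directory against `UID_T_MAX`.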