2017-05-30

SSSD and LDAP: no uid provided for user

I have been trying to integrate SSSD with LDAP. We use OUD in our environment.

A user with 12 characters in his uid cannot connect to the server, which leads to this error in the log: no uid provided ...

(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_get_primary_name] 
(0x0400): Processing object 820115302022 
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400): 
Processing user [email protected] 
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no 
uid provided for [[email protected]] in domain [LDAP]. 
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): 
Failed to save user [**820115302022**@ldap] 
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_users] (0x0040): 
Failed to store user 0. Ignoring. 

So I created a new user with fewer characters, e.g. 5, in his UID, which is uid = 32001. This user connects successfully.

I have searched for whether there are any restrictions on the UID length that users can have when using sssd, but I still have not found an answer. Does anyone know the reason for this error and how I can solve it?

Can you provide us with more information? Which LDAP directory, other logs, sssd configuration? If you are using 'sssd' with 'AD', are these UIDs the posix uid? (If so, try checking this answer: https://serverfault.com/questions/631657/how-do-i-get-centos-7-in-use-uids-and-gids-from-active-directory) – Esteban

Answer

The directory server we use is OUD (Oracle Unified Directory), and the UID and GID used are attributes in the posixAccount and posixGroup object classes. We also tested other users, and the problem occurs when the user has 11 or more characters in his UID. Here is the log for the user who has 11 characters and cannot log in.

(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_get_account_info_handler] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_attach_req] (0x0400): DP 
Request [Account #82]: New request. Flags [0x0001]. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_attach_req] (0x0400): Number 
of active DP request: 1 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_search_user_next_base] 
(0x0400): Searching for users with base [cn=users,dc=mzsr,dc=kz] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x0400): calling ldap_search_ext with [(&(uid=32000000001) 
(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))] 
[cn=users,dc=mzsr,dc=kz]. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [objectClass] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [uid] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [userPassword] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [uidNumber] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [gidNumber] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [gecos] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [homeDirectory] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [loginShell] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [krbPrincipalName] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [cn] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [modifyTimestamp] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [modifyTimestamp] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowLastChange] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowMin] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowMax] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowWarning] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowInactive] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowExpire] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowFlag] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [krbLastPwdChange] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [krbPasswordExpiration] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [pwdAttribute] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [authorizedService] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [accountExpires] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [userAccountControl] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [nsAccountLock] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [host] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [loginDisabled] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [loginExpirationTime] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [loginAllowedTimeMap] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [sshPublicKey] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [mail] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_parse_entry] (0x1000): 
OriginalDN: [uid=32000000001,cn=users,dc=mzsr,dc=kz]. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_op_finished] 
(0x0400): Search result: Success(0), no errmsg set 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_search_user_process] 
(0x0400): Search for users, returned 1 results. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400): Save 
user 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_attrs_get_sid_str] 
(0x1000): No [objectSID] attribute. [0][Success] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_primary_name] 
(0x0400): Processing object 32000000001 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400): 
Processing user [email protected] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no 
uid provided for [[email protected]] in domain [LDAP]. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): 
Failed to save user [[email protected]] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_users] (0x0040): 
Failed to store user 0. Ignoring. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_done] (0x0400): DP 
Request [Account #82]: Request handler finished [0]: Success 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [_dp_req_recv] (0x0400): DP 
Request [Account #82]: Receiving request data. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_reply_list_success] 
(0x0400): DP Request [Account #82]: Finished. Success. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_reply_std] (0x1000): DP 
Request [Account #82]: Returning [Success]: 0,0,Success 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_table_value_destructor] 
(0x0400): Removing [0:1:0x0001:1:1::LDAP:[email protected]] from reply 
table 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_destructor] (0x0400): DP 
Request [Account #82]: Request removed. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_destructor] (0x0400): 
Number of active DP request: 0 
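
A triage helper for logs in the wrapped layout shown above, as an added example that is not part of the original posts: it re-joins the wrapped records, pairs each "Processing object" line with a following "no uid provided" failure, and reports whether the numeric name would fit an unsigned 32-bit uid_t. That last check is only meaningful under the assumption that the entry's uidNumber equals the numeric name, which the page does not show; the sample log and function names are constructed.

```python
import re

# Constructed sample in the wrapped layout of the logs above (not from the post).
SAMPLE_LOG = """\
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_primary_name]
(0x0400): Processing object 32000000001
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no
uid provided for [32000000001@ldap] in domain [LDAP].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_users] (0x0040):
Failed to store user 0. Ignoring.
(Wed May 31 09:05:00 2017) [sssd[be[LDAP]]] [sdap_get_primary_name]
(0x0400): Processing object 32001
"""

RECORD_START = re.compile(r"^\((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) ")
PRIMARY_NAME = re.compile(r"\[sdap_get_primary_name\] \(0x[0-9a-f]+\): Processing object (\S+)")
UID_T_MAX = 2**32 - 1  # largest value an unsigned 32-bit uid_t can hold


def join_wrapped(text):
    """Re-join log records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def failed_saves(text):
    """Return (object name, fits_uid_t) for every 'no uid provided' record.

    fits_uid_t is None for non-numeric names. It is only meaningful under the
    assumption that the entry's uidNumber equals the numeric name.
    """
    results, current = [], None
    for rec in join_wrapped(text):
        m = PRIMARY_NAME.search(rec)
        if m:
            current = m.group(1)
        elif "[sdap_save_user]" in rec and "no uid provided" in rec and current:
            fits = int(current) <= UID_T_MAX if current.isdigit() else None
            results.append((current, fits))
            current = None
    return results


if __name__ == "__main__":
    for name, fits in failed_saves(SAMPLE_LOG):
        print(f"save failed for {name}; fits 32-bit uid_t: {fits}")
```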