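The directory server we use is OUD (Oracle Unified Directory), and the uid and gid we use are attributes from the posixAccount and posixGroup object classes. We also tested other users, and the problem appears when a user's uid has 11 or more characters. Here is the log for a user that has 11 characters and cannot log in.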
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_get_account_info_handler]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_attach_req] (0x0400): DP
Request [Account #82]: New request. Flags [0x0001].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_attach_req] (0x0400): Number
of active DP request: 1
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_search_user_next_base]
(0x0400): Searching for users with base [cn=users,dc=mzsr,dc=kz]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x0400): calling ldap_search_ext with [(&(uid=32000000001)
(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))]
[cn=users,dc=mzsr,dc=kz].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [objectClass]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [uid]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [userPassword]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [uidNumber]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [gidNumber]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [gecos]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [homeDirectory]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [loginShell]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [krbPrincipalName]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [cn]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [modifyTimestamp]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [modifyTimestamp]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowLastChange]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowMin]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowMax]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowWarning]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowInactive]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowExpire]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [shadowFlag]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [krbLastPwdChange]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [krbPasswordExpiration]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [pwdAttribute]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [authorizedService]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [accountExpires]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [userAccountControl]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [nsAccountLock]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [host]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [loginDisabled]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [loginExpirationTime]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [loginAllowedTimeMap]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [sshPublicKey]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step]
(0x1000): Requesting attrs: [mail]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_parse_entry] (0x1000):
OriginalDN: [uid=32000000001,cn=users,dc=mzsr,dc=kz].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_op_finished]
(0x0400): Search result: Success(0), no errmsg set
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_search_user_process]
(0x0400): Search for users, returned 1 results.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400): Save
user
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_attrs_get_sid_str]
(0x1000): No [objectSID] attribute. [0][Success]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_primary_name]
(0x0400): Processing object 32000000001
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400):
Processing user 32000000001@ldap
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no
uid provided for [32000000001@ldap] in domain [LDAP].
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020):
Failed to save user [32000000001@ldap]
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_users] (0x0040):
Failed to store user 0. Ignoring.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_done] (0x0400): DP
Request [Account #82]: Request handler finished [0]: Success
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [_dp_req_recv] (0x0400): DP
Request [Account #82]: Receiving request data.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_reply_list_success]
(0x0400): DP Request [Account #82]: Finished. Success.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_reply_std] (0x1000): DP
Request [Account #82]: Returning [Success]: 0,0,Success
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_table_value_destructor]
(0x0400): Removing [0:1:0x0001:1:1::LDAP:name=32000000001@ldap] from reply
table
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_destructor] (0x0400): DP
Request [Account #82]: Request removed.
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_destructor] (0x0400):
Number of active DP request: 0