[Freeipa-users] ID Views without AD

Mike Kelly pioto at pioto.org
Thu Feb 18 02:25:25 UTC 2016 

Digging into the code more, I wonder if this is a bug in sssd?

https://github.com/SSSD/sssd/blob/sssd-1_13_0/src/db/sysdb.h#L465-L474 --
NULL is treated as the "default" view, as is the literal string "default",
in is_default_view(...).

https://github.com/SSSD/sssd/blob/sssd-1_13_0/src/providers/ipa/ipa_views.c#L274-L284
-
NULL is treated as "View not defined, nothing to do",
in ipa_get_ad_override_send(...).

Seems possible that, if that first condition is removed, things could work
like I'd expect them to?

But, I'm just grasping at straws at this point... is there possibly some
config field I can use to force the view name? I feel like the code that's
supposed to detect the view name isn't triggering correctly in my case, and
that's what is triggering the issue...

On Tue, Feb 16, 2016 at 11:23 AM Mike Kelly <pioto at pioto.org> wrote:

> >>  Thanks. Here's what is hopefully the relevant lines:
> >
> > I'm sorry, but these logs only capture how the original entry was
> searched, not the overrides. Can you capture the full logs since the sssd
> startup? Also please make sure the cache was invalidated prior to the
> request with sss_cache -E.
>
> Attached are the full logs since a restart of sssd.
>
> I ran these commands:
>
> systemctl stop sssd
>
> echo '----MARK----' >> /var/log/sssd/sssd_home.pioto.org.log # so I could
> mark were the restart happened
>
> sss_cache -E
>
> systemctl start sssd
>
> sss_cache -E
>
> id pioto
>
> ----
>
> I still don't see the override being applied. Possibly because of this
> line?
>
> (Tue Feb 16 11:12:27 2016) [sssd[be[home.pioto.org]]] [ipa_get_ad_override_send]
> (0x4000): View not defined, nothing to do.
>
> So, I get the feeling that, for whatever reason, sssd isn't correctly
> deciding that my id view applies to this host, or just isn't looking it up?
>
> Is there possibly some sort of extra configuration that I've missed to
> tell SSSD to apply these views? From what I can tell, it should just pick
> these up out of the box, from the configuration built by
> ipa-client-install...?
>
-- 

Mike Kelly
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160218/49c97408/attachment.htm>

More information about the Freeipa-users mailing list