2017-05-30

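SSSD and LDAP: no uid provided for user

I have been trying to integrate SSSD with LDAP UIDs. We use OUD in our environment.

Users whose uid contains 12 characters cannot connect to the server, which results in an error in the log: no uid set ...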

(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_get_primary_name] 
(0x0400): Processing object 820115302022 
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400): 
Processing user [email protected] 
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no 
uid provided for [[email protected]] in domain [LDAP]. 
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): 
Failed to save user [**820115302022**@ldap] 
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_users] (0x0040): 
Failed to store user 0. Ignoring. 

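So I created a new user with fewer characters in its uid, for example 5 characters: uid = 32001. That user connected successfully.

I have been searching for whether there is some limit on the uid length a user can have when using SSSD, but I have not found an answer. Does anyone know what the cause of this error is and how to resolve it?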


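Could you provide us with more information? Which LDAP directory, other logs, sssd configuration? If you are using 'sssd' with 'AD', are these UIDs POSIX UIDs? (If so, try checking this answer: https://serverfault.com/questions/631657/how-do-i-get-centos-7-to-use-uids-and-gids-from-active-directory) – Esteban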

Answer

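The directory server we use is OUD (Oracle Unified Directory), and the uid and gid used are attributes from the posixAccount and posixGroup object classes. It is the same for the other users we tested: the problem occurs when a user has 11 or more characters in its uid. Below is the log for a user that has 11 characters and cannot log in.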

(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_get_account_info_handler] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_attach_req] (0x0400): DP 
Request [Account #82]: New request. Flags [0x0001]. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_attach_req] (0x0400): Number 
of active DP request: 1 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_search_user_next_base] 
(0x0400): Searching for users with base [cn=users,dc=mzsr,dc=kz] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x0400): calling ldap_search_ext with [(&(uid=32000000001) 
(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))] 
[cn=users,dc=mzsr,dc=kz]. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [objectClass] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [uid] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [userPassword] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [uidNumber] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [gidNumber] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [gecos] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [homeDirectory] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [loginShell] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [krbPrincipalName] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [cn] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [modifyTimestamp] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [modifyTimestamp] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowLastChange] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowMin] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowMax] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowWarning] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowInactive] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowExpire] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [shadowFlag] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [krbLastPwdChange] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [krbPasswordExpiration] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [pwdAttribute] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [authorizedService] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [accountExpires] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [userAccountControl] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [nsAccountLock] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [host] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [loginDisabled] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [loginExpirationTime] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [loginAllowedTimeMap] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [sshPublicKey] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_ext_step] 
(0x1000): Requesting attrs: [mail] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_parse_entry] (0x1000): 
OriginalDN: [uid=32000000001,cn=users,dc=mzsr,dc=kz]. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_generic_op_finished] 
(0x0400): Search result: Success(0), no errmsg set 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_search_user_process] 
(0x0400): Search for users, returned 1 results. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400): Save 
user 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_attrs_get_sid_str] 
(0x1000): No [objectSID] attribute. [0][Success] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_get_primary_name] 
(0x0400): Processing object 32000000001 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400): 
Processing user [email protected] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no 
uid provided for [[email protected]] in domain [LDAP]. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): 
Failed to save user [[email protected]] 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [sdap_save_users] (0x0040): 
Failed to store user 0. Ignoring. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_done] (0x0400): DP 
Request [Account #82]: Request handler finished [0]: Success 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [_dp_req_recv] (0x0400): DP 
Request [Account #82]: Receiving request data. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_reply_list_success] 
(0x0400): DP Request [Account #82]: Finished. Success. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_reply_std] (0x1000): DP 
Request [Account #82]: Returning [Success]: 0,0,Success 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_table_value_destructor] 
(0x0400): Removing [0:1:0x0001:1:1::LDAP:[email protected]] from reply 
table 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_destructor] (0x0400): DP 
Request [Account #82]: Request removed. 
(Wed May 31 09:00:08 2017) [sssd[be[LDAP]]] [dp_req_destructor] (0x0400): 
Number of active DP request: 0
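
An added example, not part of the original posts and not SSSD code: a Python script that rejoins the wrapped debug-log lines in the layout shown above into full records and lists each object for which sdap_save_user logged "no uid provided". The sample log is constructed in the page's format, and the names `join_records` and `find_uid_failures` are illustrative.

```python
import re

# Constructed sample in the page's wrapped layout; the third record is cut off.
SAMPLE_LOG = """\
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_get_primary_name]
(0x0400): Processing object 820115302022
(Thu May 18 10:47:23 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): no
uid provided for [820115302022@ldap] in domain [LDAP].
(Thu May 18 10:47:24 2017) [sssd[be[LDAP]]] [dp_get_account_info_handler]
(Thu May 18 10:47:25 2017) [sssd[be[LDAP]]] [sdap_get_primary_name]
(0x0400): Processing object 32001
(Thu May 18 10:47:25 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0400):
Processing user 32001@ldap
"""

START = re.compile(r"^\(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}\) \[")
RECORD = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\S*\] \[(?P<func>\w+)\] "
                    r"\(0x[0-9a-fA-F]+\): (?P<msg>.*)$")
OBJECT = re.compile(r"Processing object (\S+)")
NO_UID = re.compile(r"no uid provided for \[(?P<name>[^\]]*)\] "
                    r"in domain \[(?P<domain>[^\]]*)\]")

def join_records(text):
    """Rejoin wrapped lines: a record starts at a '(timestamp) [' prefix."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def find_uid_failures(text):
    """Return one dict per 'no uid provided' record, with the last object seen."""
    failures, current = [], None
    for rec in join_records(text):
        m = RECORD.match(rec)
        if not m:
            continue  # truncated or foreign line: skip instead of guessing
        obj = OBJECT.search(m["msg"])
        hit = NO_UID.search(m["msg"])
        if m["func"] == "sdap_get_primary_name" and obj:
            current = obj.group(1)
        elif hit:
            failures.append({"time": m["ts"], "object": current, **hit.groupdict()})
    return failures

if __name__ == "__main__":
    print(find_uid_failures(SAMPLE_LOG))
```

Running it over a full backend debug log gives a short list of affected objects that can then be compared against their directory entries.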