[debian-lan-devel] FusionDirectory vs GoSA

Daniel Olynsma Daniel.Olynsma at alliedtelesis.co.nz
Fri Jun 26 09:29:41 UTC 2015


Hi Andi,

I tried repeating my tests in a new VM and ended up with the same results as what you got.
Not sure why it worked for me initially.

So I followed up on what you wrote about not getting the correct next UID/GID in the add2gosa.
The ldapscripts appear to be written for the predecessor to sssd and, as noted by you, do not handle sssd.
I tried various things and eventually got a successful result with add2gosa.
Please note that what I have done was a real set of hacks as I do not totally understand the system/scripts.
But I hope that they help.

I edited the following on 'mainserver'
----
root at mainserver:/etc# git diff
diff --git a/sssd/sssd.conf b/sssd/sssd.conf
index 97a3d19..3f46453 100644
--- a/sssd/sssd.conf
+++ b/sssd/sssd.conf
@@ -16,7 +16,8 @@ reconnection_retries = 3
 [domain/intern]
 ; Using enumerate = true leads to high load and slow response
 enumerate = false
-cache_credentials = true
+#cache_credentials = true
+cache_credentials = false

 id_provider = ldap
 auth_provider = krb5
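Review bot: the `+#cache_credentials = true` line leaves the old value in the file as a comment directly above the new `cache_credentials = false`; drop that line and instead add a `;` comment (the style this file already uses, see the `enumerate` line) saying why credential caching is being turned off, since nothing in the hunk or in the surrounding mail ties `cache_credentials` to the next-free-UID/GID problem being worked on.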
root at mainserver:/etc#
---

/usr/local/sbin/add2gosa
---
user2LDAP() {
    set +e
    # Get rid of leading and trailing whitespace:
    local FNAME=$(echo $1)
    local GNAME=$(echo $2)
    local GECOS=$(echo $GNAME $FNAME | iconv -f UTF-8 -t ASCII//TRANSLIT)
    _USER="$3"
    _GROUP="$_USER"

    # Hack: let ldapaddgroup/ldapadduser create the entries and allocate the
    # GID/UID; the original add2gosa logic below is left in place but disabled.
    ldapaddgroup  $_GROUP
    ldapadduser $_USER $_USER
#    exit    # debugging stop, disabled
#    # Group GID
#    _GID=$(_findnextgid)
#    [ -z "_GID" ] && end_die "Cannot guess next free group ID."
#
#    # Add group to LDAP
#    _extractldif 4 | _filterldif | _utf8encode | _ldapadd
#    [ $? -eq 0 ] || end_die "Error adding group '$_GROUP' to LDAP."
#    echo_log "Successfully added group '$_GROUP' to LDAP."
#
#    ###################
#
#    # User UID
#    _UID=$(_findnextuid)
#    [ -z "_UID" ] && end_die "Cannot guess next free user ID."
#
#    # Compute homedir
#    _HOMEDIR=$(echo "$UHOMES" | sed "s|%u|$_USER|g")
#
#    # Add user to LDAP
#    _extractldif 5 | \
#        sed -e "s|<GNAME>|$GNAME|g" \
#        -e "s|<FNAME>|$FNAME|g" \
#        -e "s|<GECOS>|$GECOS|g" \
#        -e "s|<PWHASH>|$PWHASH|g" \
#        | _filterldif | _utf8encode | _ldapadd
#    [ $? -eq 0 ] || end_die "Error adding user '$_USER' to LDAP."
#    echo_log "Successfully added user '$_USER' to LDAP."
#
#    # Create Home dir
#    if [ -e "$_HOMEDIR" ] ; then
#        warn_log "Skipped home directory creation for user '$_USER' (already exists)."
#    else
#        if [ -d "$HOMESKEL" ] ; then
#            mkdir -p $(dirname "$_HOMEDIR") 2>>"$LOGFILE" 1>/dev/null
#            cp -pR "$HOMESKEL/" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
#        else
#            mkdir -p "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
#        fi
#        chmod "$HOMEPERMS" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
#        chown -R "$_UID":"$_GID" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
#        echo_log "Successfully created home directory '$_HOMEDIR' for user '$_USER'."
#    fi
    set -e
}
---

I tested this with 3 users in a text file and each one came out with a unique UID|GID in the 40k range.

root at mainserver:~# add2gosa users5.txt
Input file 'users5.txt' seems to be valid.

---------------- vvvyou ----------------
Password and hash created.
Successfully added group vvvyou to LDAP
Successfully added user vvvyou to LDAP
Successfully created home directory for user vvvyou
Authenticating as principal admin/admin at INTERN with password.
NOTICE: no policy specified for vvvyou at INTERN; assigning "default"
add_principal: No such object while creating "vvvyou at INTERN".

---------------- zzzyou ----------------
Password and hash created.
Successfully added group zzzyou to LDAP
Successfully added user zzzyou to LDAP
Successfully created home directory for user zzzyou
Authenticating as principal admin/admin at INTERN with password.
NOTICE: no policy specified for zzzyou at INTERN; assigning "default"
add_principal: No such object while creating "zzzyou at INTERN".

---------------- gggyou ----------------
Password and hash created.
Successfully added group gggyou to LDAP
Successfully added user gggyou to LDAP
Successfully created home directory for user gggyou
Authenticating as principal admin/admin at INTERN with password.
NOTICE: no policy specified for gggyou at INTERN; assigning "default"
add_principal: No such object while creating "gggyou at INTERN".

   ===================== IMPORTANT NOTICE =====================
    Make sure to keep 'users5.txt' save or remove it!
    Advice users to change their password immediately in GOsa.
   ============================================================
root at mainserver:~# ls -lrt /lan/mainserver/home0/
total 120
drwxr-x--x 2 zzzyou zzzyou  4096 Jun 20 19:23 zzzyou   <<<<<<<
drwxr-x--x 2 xxxyou xxxyou  4096 Jun 20 19:23 xxxyou   <<<<<<<
drwxr-x--x 2 xxxdan xxxdan  4096 Jun 20 19:23 xxxdan
drwxr-x--x 2 vvvyou vvvyou  4096 Jun 20 19:23 vvvyou
drwxr-x--x 2 user1  user1   4096 Jun 20 19:23 user1
drwxr-x--x 2 mmmdan  10001  4096 Jun 20 19:23 mmmdan
drwxr-x--x 2 mmmdan  10001  4096 Jun 20 19:23 llldan
drwxr-x--x 2 mmmdan  10001  4096 Jun 20 19:23 kkkdan
drwxr-x--x 2 iiidan  10001  4096 Jun 20 19:23 iiidan
drwxr-x--x 2 iiiali  10001  4096 Jun 20 19:23 iiiali
drwxr-x--x 2 iiidan  10001  4096 Jun 20 19:23 hhhdan
drwxr-x--x 2 hhhali  10001  4096 Jun 20 19:23 hhhali
drwxr-x--x 2 gggyou gggyou  4096 Jun 20 19:23 gggyou   <<<<<<<
drwxr-x--x 2 eeedan  10001  4096 Jun 20 19:23 eeedan
drwxr-x--x 2 eeedan  10001  4096 Jun 20 19:23 ddddan
drwxr-x--x 2 eeedan  10001  4096 Jun 20 19:23 cccdan
drwxr-x--x 2 cccali  10001  4096 Jun 20 19:23 cccali
drwxr-x--x 2 cccali  10001  4096 Jun 20 19:23 bbbali
drwxr-x--x 2 cccali  10001  4096 Jun 20 19:23 aaaali
drwx------ 2 root   root   16384 Jun 21 17:05 lost+found
drwxr-x--- 3 admin  admin   4096 Jun 21 21:08 admin
-rw------- 1 root   root    8192 Jun 25 20:44 aquota.user
drwxr-x--x 2 eeedan  10001  4096 Jun 25 21:17 aaadan
drwxr-x--x 2 eeedan  10001  4096 Jun 25 21:21 bbbdan
drwxr-x--x 2 iiidan  10001  4096 Jun 25 21:25 fffdan
drwxr-x--x 2 iiidan  10001  4096 Jun 25 21:26 gggdan
root at mainserver:~# getent group zzzyou
zzzyou:*:40007:
root at mainserver:~#
root at mainserver:~#
root at mainserver:~# getent group xxxyou
xxxyou:*:40005:
root at mainserver:~#
root at mainserver:~# cat users5.txt
# www   meme    wwwmem  vWsn9wmv
# www   you     wwwyou  xi9D8nXV
# xxx   you     xxxyou  msZJaPKj
# vvv   you     vvvyou  UHdM7rTw
# zzz   you     zzzyou  ZZeb4L0q
# ggg   you     gggyou  ny/tn6L1
root at mainserver:~#




________________________________________
From: Andreas B. Mundt <andi.mundt at web.de>
Sent: Thursday, 25 June 2015 7:37 a.m.
To: Daniel Olynsma
Cc: debian-lan-devel at lists.alioth.debian.org
Subject: Re: [debian-lan-devel] FusionDirectory vs GoSA

Hi Daniel,

On Fri, Jun 19, 2015 at 04:16:40AM +0000, Daniel Olynsma wrote:
>
> I have played round with the latest code in git.
> I removed the calls to 'sss_cache' from the scripts
> I was able to create users using GoSA web as well as the add2gosa|debian-lan scripts without issues.
> The users that I created were able to log in etc...
> What issues were you experiencing?

I had problems with unique UIDs.  I tried to add a list of users using

  add2gosa <FILE>

where <FILE> has a couple of lines like "<LastName>     <FirstName>"
(try add2gosa without arguments for details).  A check with

     getent passwd
or
     getent group

showed that some users had the same UIDs and/or GIDs.   Checking the
next free UID/GID  seems to fail when creating a series of users.  The
line "sss_cache -U -G" should clean the cache, but it did not help for
some reason.  I tried to restart sssd in addition, but that failed
because (IIRC) systemd complained at some point about too many
restarts.

> Can I help test it in any way?

It would be great if you could verify my findings.  If you can confirm
my findings, we should report a bug against sssd and look for a
solution to the problem.

Best regards and many thanks for your tests!

     Andi
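As an added example (my own script, not code from debian-lan or from either mail), here is a POSIX shell check for the symptom Andi describes: it reads `getent passwd` / `getent group` style lines and lists every UID or GID held by more than one name, run here over constructed sample lines. It also shows the max+1 allocation the helpers rely on, which is only right when the input is current rather than a stale sssd cache.

```shell
#!/bin/sh
# Constructed sample in `getent passwd` format; xxxyou and vvvyou collide on
# UID 40005, which is what a stale cache hands back as the "next free" ID.
SAMPLE_PASSWD='user1:*:40001:40001:User One:/lan/mainserver/home0/user1:/bin/bash
xxxyou:*:40005:40005:You Xxx:/lan/mainserver/home0/xxxyou:/bin/bash
vvvyou:*:40005:40005:You Vvv:/lan/mainserver/home0/vvvyou:/bin/bash
zzzyou:*:40007:40007:You Zzz:/lan/mainserver/home0/zzzyou:/bin/bash'

# Constructed sample in `getent group` format (name:pw:gid:members); three
# groups share GID 10001, mirroring the numeric 10001 owners in the ls listing.
SAMPLE_GROUP='mmmdan:*:10001:
llldan:*:10001:
iiidan:*:10001:
xxxyou:*:40005:
zzzyou:*:40007:'

# find_dup_ids: read passwd- or group-style lines on stdin and print one line
# per numeric ID in column 3 that is held by more than one name:  <id> <names>
find_dup_ids() {
    awk -F: '
        NF >= 3 { seen[$3]++; names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1) }
        END { for (id in seen) if (seen[id] > 1) print id " " names[id] }
    ' | sort -n
}

# next_free_id FLOOR: the allocation the add2gosa helpers try to do, i.e. the
# highest ID at or above FLOOR plus one. Correct only if stdin is current,
# which is exactly what a stale sssd cache breaks.
next_free_id() {
    awk -F: -v floor="$1" '
        NF >= 3 && $3 + 0 >= floor && $3 + 0 > max { max = $3 + 0 }
        END { print (max >= floor ? max + 1 : floor) }'
}

# Wrappers over the constructed samples; a live check on a server is simply
# `getent passwd | find_dup_ids` and `getent group | find_dup_ids`.
dup_uids() { printf '%s\n' "$SAMPLE_PASSWD" | find_dup_ids; }
dup_gids() { printf '%s\n' "$SAMPLE_GROUP"  | find_dup_ids; }
next_uid() { printf '%s\n' "$SAMPLE_PASSWD" | next_free_id 40000; }

echo "Duplicate UIDs: $(dup_uids)"
echo "Duplicate GIDs: $(dup_gids)"
echo "Next free UID above 40000: $(next_uid)"
```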
