[Pkg-sssd-devel] Bug#667980: sssd: LDAP provider fails with "ldap_result gave -1, something bad happend!"
Michael Fladischer
FladischerMichael at fladi.at
Sat Apr 7 20:06:24 UTC 2012
Package: sssd
Version: 1.8.1-1
Severity: normal
Dear Maintainer,
Using the LDAP id provider does not work. Running sssd with debug output shows this:
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'root.fladi.at' in files
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [set_server_common_status] (0x0100): Marking server 'root.fladi.at' as 'resolving name'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'root.fladi.at' in files
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'root.fladi.at' in DNS
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [request_watch_destructor] (0x0400): Deleting request watch
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [set_server_common_status] (0x0100): Marking server 'root.fladi.at' as 'name resolved'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [be_resolve_server_done] (0x0200): Found address for server root.fladi.at: [176.9.16.100] TTL 48714
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_uri_callback] (0x0400): Constructed uri 'ldap://root.fladi.at'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_process_result] (0x0100): ldap_result gave -1, something bad happend!
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/output error
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'root.fladi.at' as 'not working'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [ldap_id_enumerate_set_timer] (0x0400): Scheduling next enumeration at 1333828607.270551
Using wireshark I can only see an LDAP search operation for the RootDSE, which seems to be the operation resulting in "ldap_result gave -1".
No other LDAP operation is committed after this.
My domain is configured like this:
[domain/FLADI.AT]
auth_provider = krb5
krb5_server = home.fladi.at
krb5_realm = FLADI.AT
id_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://root.fladi.at
ldap_search_base = dc=fladi,dc=at
ldap_user_search_base = ou=users,dc=fladi,dc=at
ldap_group_search_base = ou=groups,dc=fladi,dc=at
ldap_tls_reqcert = never
ldap_tls_cacert = /etc/ssl/certs/cacert.org.pem
cache_credentials = true
enumerate = true
min_id = 1000
max_id = 0
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages sssd depends on:
ii libc-ares2 1.7.5-1
ii libc6 2.13-27
ii libcollection2 0.1.3-1
ii libcomerr2 1.42.2-1
ii libdbus-1-3 1.5.12-1
ii libdhash1 0.1.3-1
ii libini-config2 0.1.3-1
ii libipa-hbac0 1.8.1-1
ii libk5crypto3 1.10+dfsg~beta1-2
ii libkrb5-3 1.10+dfsg~beta1-2
ii libldap-2.4-2 2.4.28-1.2
ii libldb1 1:1.1.4+git20120206-1
ii libnspr4-0d 4.9-1
ii libnss3-1d 3.13.3-1
ii libpam0g 1.1.3-7
ii libpcre3 1:8.30-4
ii libpopt0 1.16-3
ii libsasl2-modules-gssapi-mit 2.1.25.dfsg1-4
ii libtalloc2 2.0.7+git20120207-1
ii libtdb1 1.2.9+git20120207-2
ii libtevent0 0.9.15-2
ii libunistring0 0.9.3-5
ii multiarch-support 2.13-27
ii python 2.7.2-10
ii python-sss 1.8.1-1
Versions of packages sssd recommends:
pn bind9-host 1:9.8.1.dfsg.P1-3
pn ldap-utils 2.4.28-1.2
pn libnss-sss 1.8.1-1
pn libpam-sss 1.8.1-1
pn libsasl2-modules-ldap <none>
Versions of packages sssd suggests:
pn sssd-tools <none>
-- no debconf information
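
An added triage example, not part of the original report and not sssd code: it parses backend debug lines in the layout quoted in the report and returns the first error that precedes "Going offline". The sample lines are copied (abridged) from the report; the names `parse` and `offline_cause` are hypothetical.

```python
import re

# Layout as quoted in the report:
# (timestamp) [sssd[be[DOMAIN]]] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]{4})\): (?P<msg>.*)$"
)
PORT_RE = re.compile(r"Marking port (\d+) of server '([^']+)' as 'not working'")

# Lines copied from the report above (abridged).
SAMPLE = """\
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][].
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_process_result] (0x0100): ldap_result gave -1, something bad happend!
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/output error
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'root.fladi.at' as 'not working'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [fo_resolve_service_send] (0x0020): No available servers for service 'LDAP'
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5 [Input/output error])
(Sat Apr 7 21:51:47 2012) [sssd[be[FLADI.AT]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.
"""

def parse(text):
    """Yield one dict per line that matches the backend debug layout."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def offline_cause(text):
    """Return the failure chain that ends in 'Going offline', or None."""
    errors, dead_ports = [], []
    for ev in parse(text):
        msg = ev["msg"]
        port = PORT_RE.search(msg)
        if port:
            dead_ports.append((port.group(2), int(port.group(1))))
        # Match on message text: in this log the root error is written at
        # 0x0100, the same level as the routine resolver lines.
        elif "ldap_result gave -1" in msg or " failed [" in msg:
            errors.append((ev["func"], ev["level"], msg))
        elif msg.startswith("Going offline"):
            return {"domain": ev["domain"], "at": ev["ts"],
                    "first_error": errors[0] if errors else None,
                    "dead_ports": dead_ports}
    return None

if __name__ == "__main__":
    print(offline_cause(SAMPLE))
```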