Somehow, I am no longer facing this issue. The only change I made was to correct the /etc/openldap/ldap.conf file to point to the IPA master DNS rather than the older LDAP DNS. The file had "#File modified by ipa-client-install", but it did not change the LDAP DNS and still pointed to the older entry. I just corrected it and restarted sssd.

It did not work initially after the change, though; however, I am no longer facing that issue now. Maybe it was a caching issue.

Thanks,
Rakesh

On Sun, Apr 24, 2016 at 5:01 PM, Jakub Hrozek <[email protected]> wrote:

> > On 22 Apr 2016, at 19:21, Rakesh Rajasekharan <[email protected]> wrote:
> >
> > Hi Jakub
> >
> > The child only had that much info.
> >
> > From the domain logs, it looks like it was able to resolve the master. However, the ldap results say found nothing.
> >
> > I was earlier running an openldap client on this host and then migrated to IPA.
> >
> > /etc/openldap/ldap.conf was still pointing to the older ldap master:
> >
> > #File modified by ipa-client-install
> >
> > URI ldaps://older-ldap-master.com:636/
> > BASE dc=xyz,dc=com
> > TLS_CACERT /etc/ipa/ca.crt
> >
> > TLS_CACERTDIR /etc/openldap/cacerts]
> >
> > I corrected that to point to IPA and noticed that getent passwd now successfully lists all the users.
> > However, the authentication does not work yet (ldapsearch -x, though, shows all the users).
> >
> > I re-tested it now...
> > Below is the domain log:
> >
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): start ldb transaction (nesting: 3)
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x118fab0
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x11925f0
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Running timer event 0x118fab0 "ltdb_callback"
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Destroying timer event 0x11925f0 "ltdb_timeout"
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Ending timer event 0x118fab0 "ltdb_callback"
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): cancel ldb transaction (nesting: 3)
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit ldb transaction (nesting: 2)
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit ldb transaction (nesting: 1)
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_save_users] (0x4000): User 0 processed!
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_users_done] (0x4000): Saving 1 Users - Done
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_id_op_done] (0x4000): releasing operation connection
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x118fd20
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1182770
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Running timer event 0x118fd20 "ltdb_callback"
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Destroying timer event 0x1182770 "ltdb_timeout"
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): Ending timer event 0x118fd20 "ltdb_callback"
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:xyz.com:8c7e86dc-0536-11e6-94f8-0e49bd988575))].
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_print_server] (0x2000): Searching 10.0.4.175
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:xyz.com:8c7e86dc-0536-11e6-94f8-0e49bd988575))][cn=Default Trust View,cn=views,cn=accounts,dc=xyz,dc=com].
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 105
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result] (0x2000): Trace: sh[0x1173050], connected[1], ops[0x115c810], ldap[0x1164b30]
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> > (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_process_result] (0x2000): Trace: sh[0x1173050], connected[1], ops[0x115c810], ldap[0x1164b30
>
> This log snippet is again completely unrelated to login. It just says there are no overrides applicable for this user. Please run:
>
>     date; ssh $user@$host; date;
>
> and attach all logs between the two date outputs.
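Added example, not part of the original thread: a small filter for the "attach all logs between the two date outputs" request, written against the SSSD debug line layout quoted above. The function names, the constructed sample lines and the choice to drop `[ldb]` entries are assumptions of this example; the window bounds are passed in the log's own timestamp layout rather than as raw `date` output.

```python
import re
from datetime import datetime

# Layout of the SSSD debug lines quoted in this thread:
# (Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<proc>\S+)\] \[(?P<func>[^\]]+)\] "
    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)
TS_FORMAT = "%a %b %d %H:%M:%S %Y"


def parse_ts(text):
    return datetime.strptime(text, TS_FORMAT)


def lines_between(lines, start, end, drop_funcs=("ldb",)):
    """Return lines stamped within [start, end], minus the noisy functions.

    A line without a timestamp is treated as a continuation of the previous
    entry (a wrapped filter or DN) and is kept or dropped together with it.
    """
    kept, keep_current = [], False
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            try:
                ts = parse_ts(m.group("ts"))
            except ValueError:  # looks like an entry but the stamp is unusable
                keep_current = False
                continue
            keep_current = start <= ts <= end and m.group("func") not in drop_funcs
        if keep_current:
            kept.append(line)
    return kept


# Constructed sample lines in the thread's format (not taken from a real host).
SAMPLE = [
    "(Fri Apr 22 16:57:19 2016) [sssd[be[xyz.com]]] [sdap_id_op_done] (0x4000): releasing operation connection",
    "(Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [ldb] (0x4000): commit ldb transaction (nesting: 0)",
    "(Fri Apr 22 16:57:21 2016) [sssd[be[xyz.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with",
    "[(objectClass=ipaOverrideAnchor)][cn=Default Trust View,cn=views,cn=accounts,dc=xyz,dc=com].",
    "(Fri Apr 22 16:57:22 2016) [sssd[be[xyz.com]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!",
    "(Fri Apr 22 16:57:30 2016) [sssd[be[xyz.com]]] [sdap_get_users_done] (0x4000): Saving 1 Users - Done",
]


def demo():
    start = parse_ts("Fri Apr 22 16:57:21 2016")
    end = parse_ts("Fri Apr 22 16:57:25 2016")
    return lines_between(SAMPLE, start, end)
```
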
