
List:       sssd-users
Subject:    [SSSD-users] Re: enumerate = true strange/broken ?
From:       Joakim Tjernlund <Joakim.Tjernlund () infinera ! com>
Date:       2019-09-04 7:50:11
Message-ID: d92d679960047f0521aa2eded58ce79850a8c9c4.camel () infinera ! com

On Fri, 2019-08-30 at 18:52 +0200, Sumit Bose wrote:
> 
> On Fri, Aug 30, 2019 at 04:07:39PM +0000, Joakim Tjernlund wrote:
> > Decided to try out 2.2.1 and also gave enumerate a try and got somewhat strange results:
> > 
> > sssd # getent group
> > cjhfj4j_admins:*:145421:
> > ....
> > 
> > No group members ?
> > 
> > 
> > getent passwd
> > Only list linux system users and myself
> > Where are the rest of the users ?
> 
> Hi,
> 
> since we typically recommend to not use enumeration it might not get the
> required testing. Nevertheless can you send your (sanitized) sssd.conf
> so that we can try to reproduce the issue?
> 

Hi Sumit,
here is the sanitized sssd.conf:

[sssd]
config_file_version = 2
domains = xxx.com
services = nss, pam
#debug_level = 0x0fff

[nss]
fallback_homedir = /home/%u
default_shell = /bin/bash
#debug_level = 0x0fff
enum_cache_timeout = 3600
entry_negative_timeout = 300

[pam]
#debug_level = 0x0fff

[domain/xxx.com]
#debug_level = 0xffff

timeout = 30
ad_maximum_machine_account_password_age = 0

ignore_group_members = false
ldap_id_mapping = false
cache_credentials = true
enumerate = true
ldap_enumeration_refresh_timeout = 1800
entry_cache_timeout = 3600
refresh_expired_interval = 2700

id_provider = ad
auth_provider = ad
access_provider = permit
chpass_provider = ad

ad_server = yyy01.xxx.com,yyy02.xxx.com
ad_backup_server = byyy01.xxx.com,byyy.xxx.com

dyndns_auth = none
dyndns_iface = vpn0, wlan0, eth0
dyndns_update = true
dyndns_refresh_interval = 600
dyndns_update_ptr = true
dyndns_ttl = 3600
case_sensitive = false

ldap_referrals = false
ldap_sasl_mech = GSSAPI
ldap_schema = rfc2307bis

ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true

krb5_realm = XXX.COM
krb5_canonicalize = true
krb5_store_password_if_offline = true
krb5_use_kdcinfo = False
krb5_renewable_lifetime = 7d
krb5_lifetime = 24h
krb5_renew_interval = 4h