Thanks Howard.

Best regards,

From: Howard Chu <>
To: Majid Khan <>; "" <>
Sent: Tuesday, April 28, 2015 12:35 PM
Subject: Re: uidNumber=4294967295 is being appearing in the log frequently

Majid Khan wrote:
> Dear Techies,
> I'm not sure if this is the right forum to discuss this but I am getting
> the following from some of the clients machine I'm not sure why some of
> them sending this info otherwise my authentication and login all is
> working fine but I'm concern why its happening and my log is full of the
> following kind of message:
> If this is not the right forum then I apologies and please direct me to
> that right group:

Since the query is coming from SSSD, you should be asking in a forum for
SSSD support. This has nothing to do with OpenLDAP.

For the record, this is a pretty stupidly constructed LDAP search
filter. Their LDAP support appears to be pretty clunky.

> Apr 28 05:58:44 server1 slapd[23003]: conn=5235 op=22 SRCH
> base="dc=example,dc=com" scope=2 deref=0
> filter="(&(uidNumber=4294967295)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
> Apr 28 05:58:44 server1 slapd[23003]: conn=5235 op=22 SRCH
> attr=objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn modifyTimestamp
> modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning
> shadowInactive shadowExpire shadowFlag krbLastPwdChange
> krbPasswordExpiration pwdAttribute authorizedService accountExpires
> userAccountControl nsAccountLock host loginDisabled loginExpirationTime
> loginAllowedTimeMap
> Server info: CentOS release 6.6
> LDAP version: openldap-2.4.40
> Client info: CentOS release 6.2
> Client using SSSD: sssd-1.11.6

  -- Howard Chu
  CTO, Symas Corp.
  Director, Highland Sun
  Chief Architect, OpenLDAP