I am having a hard time setting a user password using ldap (OpenLDAP 2.4.40-13.el7) on a CentOS 7 system.
I have installed OpenLDAP 2.4.40-13.el7 (stock CentOS 7 server and client), nss-pam-ldapd (0.8.13-8.el7) and used authconfig to enable ldap. I have created a user in the ldap database, and getent works just fine -- the uid and gid are seen, etc. But I cannot set the user's password in a way that works for su (and presumably login/slogin, etc.). I am using ldappasswd to set the user's password.
I am thinking that PAM and ldappasswd are using *different* oneway encryption methods and I am guessing I need to update a configuration somewhere (either for pam, sssd, or nslcd), but I am not finding it.
Le 19/09/2017 à 18:45, Robert Heller a écrit :
I am having a hard time setting a user password using ldap (OpenLDAP 2.4.40-13.el7) on a CentOS 7 system.
I have installed OpenLDAP 2.4.40-13.el7 (stock CentOS 7 server and client), nss-pam-ldapd (0.8.13-8.el7) and used authconfig to enable ldap. I have created a user in the ldap database, and getent works just fine -- the uid and gid are seen, etc. But I cannot set the user's password in a way that works for su (and presumably login/slogin, etc.). I am using ldappasswd to set the user's password.
I am thinking that PAM and ldappasswd are using *different* oneway encryption methods and I am guessing I need to update a configuration somewhere (either for pam, sssd, or nslcd), but I am not finding it.
PAM is an LDAP client so does not read the password, it just sends BIND requests and OpenLDAP server then check the passsword by using the hashing method corresponding to the current password value.
Can you check in your server ACLs (olcAccess parameter) that anonymous users have the 'auth' right on userPassword attribute?
At Wed, 20 Sep 2017 09:09:23 +0200 =?UTF-8?Q?Cl=c3=a9ment_OUDOT?= clement.oudot@savoirfairelinux.com wrote:
Le 19/09/2017 =C3=A0 18:45, Robert Heller a =C3=A9crit :
I am having a hard time setting a user password using ldap (OpenLDAP 2.4.40-13.el7) on a CentOS 7 system.
I have installed OpenLDAP 2.4.40-13.el7 (stock CentOS 7 server and clie=
nt),
nss-pam-ldapd (0.8.13-8.el7) and used authconfig to enable ldap. I have created a user in the ldap database, and getent works just fine -- the =
uid and
gid are seen, etc. But I cannot set the user's password in a way that w=
orks
for su (and presumably login/slogin, etc.). I am using ldappasswd to s=
et the
user's password.
I am thinking that PAM and ldappasswd are using *different* oneway encr=
yption
methods and I am guessing I need to update a configuration somewhere (e=
ither
for pam, sssd, or nslcd), but I am not finding it.
PAM is an LDAP client so does not read the password, it just sends BIND=20 requests and OpenLDAP server then check the passsword by using the=20 hashing method corresponding to the current password value.
Can you check in your server ACLs (olcAccess parameter) that anonymous=20 users have the 'auth' right on userPassword attribute?
OK, I will check...
--=20 Cl=C3=A9ment OUDOT Consultant en logiciels libres, Expert infrastructure et s=C3=A9curit=C3=A9 Savoir-faire Linux 137 boulevard de Magenta - 75010 PARIS Blog: http://sflx.ca/coudot
OK, I fixed the ACLs (I think), but it is still not working. I turned on verbose debugging for sssd[pam] and moderate debugging for slapd.
Here are my ACLs in /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif:
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * none olcAccess: {1}to * by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * read
There are also these olcAccess entries:
in /etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern al,cn=auth" manage by * none
and in /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern al,cn=auth" read by dn.base="cn=Manager,dc=deepsoft,dc=com" read by * none
Here is sssd.conf:
[domain/default]
autofs_provider = ldap cache_credentials = True ldap_search_base = dc=deepsoft,dc=com id_provider = ldap auth_provider = ldap chpass_provider = ldap ldap_uri = ldap://192.168.250.98/ ldap_tls_cacertdir = /etc/openldap/cacerts ldap_id_use_start_tls = false [sssd] services = nss, pam, autofs
domains = default [nss] homedir_substring = /home
[pam] debug_level = 0x7770 ldap_id_use_start_tls = false
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
Here is the log output from /var/log/sssd/sssd_pam.log:
(Wed Sep 20 12:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: pcp (Wed Sep 20 12:25:01 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/pcp@default] (Wed Sep 20 12:25:01 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [pcp] not found in PAM cache. (Wed Sep 20 12:25:01 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7ff2478e9030:3:pcp@default@default] (Wed Sep 20 12:25:01 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=pcp@default:-] (Wed Sep 20 12:25:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff248b52b10 (Wed Sep 20 12:25:01 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7ff2478e9030:3:pcp@default@default] (Wed Sep 20 12:25:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff248b52b10 (Wed Sep 20 12:25:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff248b435b0 (Wed Sep 20 12:25:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Wed Sep 20 12:25:01 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Wed Sep 20 12:25:01 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [pcp@default] (Wed Sep 20 12:25:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff248b55910
(Wed Sep 20 12:25:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff248b559d0
(Wed Sep 20 12:25:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff248b55910 "ltdb_callback"
(Wed Sep 20 12:25:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff248b559d0 "ltdb_timeout"
(Wed Sep 20 12:25:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff248b55910 "ltdb_callback"
(Wed Sep 20 12:25:01 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/pcp] to negative cache (Wed Sep 20 12:25:01 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module. (Wed Sep 20 12:25:01 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 8 (Wed Sep 20 12:25:01 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7ff2478e9030:3:pcp@default@default] (Wed Sep 20 12:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff248b499d0][23] (Wed Sep 20 12:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff248b499d0][23] (Wed Sep 20 12:25:01 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Wed Sep 20 12:25:01 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7ff248b499d0][23]
and from slapd
● slapd.service - OpenLDAP Server Daemon Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2017-09-20 10:02:58 EDT; 2h 25min ago Docs: man:slapd man:slapd-config man:slapd-hdb man:slapd-mdb file:///usr/share/doc/openldap-servers/guide.html Process: 26003 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS) Process: 25964 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS) Main PID: 26005 (slapd) CGroup: /system.slice/slapd.service └─26005 /usr/sbin/slapd -u ldap -h ldapi:/// ldap://127.0.0.1/ ldap://192.168.250.98/
Sep 20 12:28:01 c764guest.deepsoft.com slapd[26005]: <= bdb_equality_candidates: (uid) not indexed Sep 20 12:28:01 c764guest.deepsoft.com slapd[26005]: conn=1092 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Sep 20 12:28:01 c764guest.deepsoft.com slapd[26005]: conn=1092 op=3 SRCH base="dc=deepsoft,dc=com" scope=2 deref=0 filter="(&(uid=pcp)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" Sep 20 12:28:01 c764guest.deepsoft.com slapd[26005]: conn=1092 op=3 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap sshPublicKey mail Sep 20 12:28:01 c764guest.deepsoft.com slapd[26005]: <= bdb_equality_candidates: (uid) not indexed Sep 20 12:28:01 c764guest.deepsoft.com slapd[26005]: conn=1092 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text= Sep 20 12:28:01 c764guest.deepsoft.com slapd[26005]: conn=1092 op=4 SRCH base="dc=deepsoft,dc=com" scope=2 deref=0 filter="(&(uid=pcp)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" Sep 20 12:28:01 c764guest.deepsoft.com slapd[26005]: conn=1092 op=4 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap sshPublicKey mail Sep 20 12:28:01 c764guest.deepsoft.com slapd[26005]: <= bdb_equality_candidates: (uid) not indexed Sep 20 12:28:01 c764guest.deepsoft.com slapd[26005]: conn=1092 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
At this point I am totally stuck.
At Robert Heller heller@deepsoft.com wrote:
At Wed, 20 Sep 2017 09:09:23 +0200 =?UTF-8?Q?Cl=c3=a9ment_OUDOT?= clement.oudot@savoirfairelinux.com wrote:
Le 19/09/2017 =C3=A0 18:45, Robert Heller a =C3=A9crit :
I am having a hard time setting a user password using ldap (OpenLDAP 2.4.40-13.el7) on a CentOS 7 system.
I have installed OpenLDAP 2.4.40-13.el7 (stock CentOS 7 server and clie=
nt),
nss-pam-ldapd (0.8.13-8.el7) and used authconfig to enable ldap. I have created a user in the ldap database, and getent works just fine -- the =
uid and
gid are seen, etc. But I cannot set the user's password in a way that w=
orks
for su (and presumably login/slogin, etc.). I am using ldappasswd to s=
et the
user's password.
I am thinking that PAM and ldappasswd are using *different* oneway encr=
yption
methods and I am guessing I need to update a configuration somewhere (e=
ither
for pam, sssd, or nslcd), but I am not finding it.
PAM is an LDAP client so does not read the password, it just sends BIND=20 requests and OpenLDAP server then check the passsword by using the=20 hashing method corresponding to the current password value.
Can you check in your server ACLs (olcAccess parameter) that anonymous=20 users have the 'auth' right on userPassword attribute?
OK, I will check...
--=20 Cl=C3=A9ment OUDOT Consultant en logiciels libres, Expert infrastructure et s=C3=A9curit=C3=A9 Savoir-faire Linux 137 boulevard de Magenta - 75010 PARIS Blog: http://sflx.ca/coudot
Am Wed, 20 Sep 2017 12:32:37 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com:
OK, I fixed the ACLs (I think), but it is still not working. I turned on verbose debugging for sssd[pam] and moderate debugging for slapd.
Here are my ACLs in /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif:
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * none olcAccess: {1}to * by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * read
There are also these olcAccess entries:
in /etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern al,cn=auth" manage by * none
and in /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern al,cn=auth" read by dn.base="cn=Manager,dc=deepsoft,dc=com" read by * none
[...]
You may run slapd in debugging mode 128.
-Dieter
At Wed, 20 Sep 2017 19:30:17 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= dieter@dkluenter.de wrote:
Am Wed, 20 Sep 2017 12:32:37 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com:
OK, I fixed the ACLs (I think), but it is still not working. I turned on verbose debugging for sssd[pam] and moderate debugging for slapd. =20 Here are my ACLs in /etc/openldap/slapd.d/cn=3Dconfig/olcDatabase=3D{2}hdb.ldif: =20 olcAccess: {0}to attrs=3DuserPassword by self write by anonymous auth by dn=3Duid=3Dheller,ou=3DPeople,dc=3Ddeepsoft,dc=3Dcom write by * none olcAccess: {1}to * by dn=3Duid=3Dheller,ou=3DPeople,dc=3Ddeepsoft,dc=3Dcom write by * read =20 There are also these olcAccess entries: =20 in /etc/openldap/slapd.d/cn=3Dconfig/olcDatabase=3D{0}config.ldif: =20 olcAccess: {0}to * by dn.base=3D"gidNumber=3D0+uidNumber=3D0,cn=3Dpeercred,cn=3Dextern al,cn=3D=
auth"
manage by * none =20 and in /etc/openldap/slapd.d/cn=3Dconfig/olcDatabase=3D{1}monitor.ldif: =20 olcAccess: {0}to * by dn.base=3D"gidNumber=3D0+uidNumber=3D0,cn=3Dpeercred,cn=3Dextern al,cn=3D=
auth"
read by dn.base=3D"cn=3DManager,dc=3Ddeepsoft,dc=3Dcom" read by * none
[...]
You may run slapd in debugging mode 128.
How do I do that using the "new" configuration method in /etc/openldap/slapd.d?
I added:
logLevel: 128
to the end of /etc/openldap/slapd.d/cn=config.ldif
But it does not like it:
Sep 20 13:59:47 c764guest.deepsoft.com slapd[32362]: UNKNOWN attributeDescription "LOGLEVEL" inserted.
The documentaion talks about loglevel in slapd.conf, but I am not using slapd.conf...
-Dieter
--=20 Dieter Kl=C3=BCnter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53=C2=B037'09,95"N 10=C2=B008'02,42"E
Am Wed, 20 Sep 2017 14:20:54 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com:
At Wed, 20 Sep 2017 19:30:17 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= dieter@dkluenter.de wrote:
Am Wed, 20 Sep 2017 12:32:37 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com:
OK, I fixed the ACLs (I think), but it is still not working. I turned on verbose debugging for sssd[pam] and moderate debugging for slapd. =20 Here are my ACLs in /etc/openldap/slapd.d/cn=3Dconfig/olcDatabase=3D{2}hdb.ldif: =20 olcAccess: {0}to attrs=3DuserPassword by self write by anonymous auth by dn=3Duid=3Dheller,ou=3DPeople,dc=3Ddeepsoft,dc=3Dcom write by * none olcAccess: {1}to * by dn=3Duid=3Dheller,ou=3DPeople,dc=3Ddeepsoft,dc=3Dcom write by * read =20 There are also these olcAccess entries: =20 in /etc/openldap/slapd.d/cn=3Dconfig/olcDatabase=3D{0}config.ldif: =20 olcAccess: {0}to * by dn.base=3D"gidNumber=3D0+uidNumber=3D0,cn=3Dpeercred,cn=3Dextern al,cn=3D=
auth"
manage by * none =20 and in /etc/openldap/slapd.d/cn=3Dconfig/olcDatabase=3D{1}monitor.ldif: =20 olcAccess: {0}to * by dn.base=3D"gidNumber=3D0+uidNumber=3D0,cn=3Dpeercred,cn=3Dextern al,cn=3D=
auth"
read by dn.base=3D"cn=3DManager,dc=3Ddeepsoft,dc=3Dcom" read by * none
[...]
You may run slapd in debugging mode 128.
How do I do that using the "new" configuration method in /etc/openldap/slapd.d?
I added:
logLevel: 128
to the end of /etc/openldap/slapd.d/cn=config.ldif
But it does not like it:
[...]
man slapd(8), $(EXECDIR)/slapd -h ldap:/// -F $(CONFIGDIR)/slapd.d -u $USER -g $GROUP -d 128
-Dieter
Am Wed, 20 Sep 2017 14:20:54 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com:
At Wed, 20 Sep 2017 19:30:17 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= dieter@dkluenter.de wrote:
Am Wed, 20 Sep 2017 12:32:37 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com:
{...]
I added:
logLevel: 128
to the end of /etc/openldap/slapd.d/cn=config.ldif
But it does not like it:
Sep 20 13:59:47 c764guest.deepsoft.com slapd[32362]: UNKNOWN attributeDescription "LOGLEVEL" inserted.
The documentaion talks about loglevel in slapd.conf, but I am not using slapd.conf...
I am not talking about logging and loglevel, I am talkling about debugging and debug level.
-Dieter
Things are still not working. Here is my olcDatabase={2}hdb.ldif file (which contains the access control):
dn: olcDatabase={2}hdb objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {2}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=deepsoft,dc=com olcRootDN: cn=Manager,dc=deepsoft,dc=com olcRootPW: {SSHA}rAk/xVPcZRGhumUTuc2T9xngcSQwL5Sx olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn=uid=sssd,ou=People,dc=deepsoft,dc=com read by dn=uid=nslcd,ou=People,dc=deepsoft,dc=com read by * none olcAccess: {1}to * by self write by anonymous auth by * read olcDbIndex: objectClass eq,pres olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub structuralObjectClass: olcHdbConfig entryUUID: 7e6a8cd4-30da-1037-9c55-458bcc6c0ce0 creatorsName: cn=config createTimestamp: 20170918163057Z entryCSN: 20170918163057.600191Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20170918163057Z
And here is the log files from slapd (run with -s 128) and sssd_map (also with debugging enabled):
● slapd.service - OpenLDAP Server Daemon Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2017-09-21 09:46:06 EDT; 4min 7s ago Docs: man:slapd man:slapd-config man:slapd-hdb man:slapd-mdb file:///usr/share/doc/openldap-servers/guide.html Process: 17533 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS) Process: 17495 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS) Main PID: 17535 (slapd) CGroup: /system.slice/slapd.service └─17535 /usr/sbin/slapd -u ldap -h ldapi:/// ldap://127.0.0.1/ ldap://192.168.250.98/ -s 128
Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (homeDirectory) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "homeDirectory" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr homeDirectory Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "homeDirectory" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (loginShell) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "loginShell" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr loginShell Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "loginShell" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (gecos) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "gecos" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr gecos Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "gecos" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (shadowLastChange) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "shadowLastChange" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr shadowLastChange Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "shadowLastChange" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (shadowMax) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "shadowMax" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr shadowMax Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "shadowMax" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (userPassword) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "userPassword" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [1] attr userPassword Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "userPassword" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: uid=sssd,ou=people,dc=deepsoft,dc=com Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (modifyTimestamp) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "modifyTimestamp" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr modifyTimestamp Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "modifyTimestamp" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=test3user,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test3user,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=heller,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=heller,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=nslcd,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=nslcd,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=sssd,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=sssd,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] applying write(=wrscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] mask: write(=wrscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by write(=wrscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1000 op=9 SEARCH RESULT tag=101 err=0 nentries=1 text= Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1000 op=10 SRCH base="dc=deepsoft,dc=com" scope=2 deref=0 filter="(&(memberUid=test2user)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))" Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1000 op=10 SRCH attr=objectClass cn userPassword gidNumber modifyTimestamp modifyTimestamp Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "dc=deepsoft,dc=com" "entry" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr entry Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "dc=deepsoft,dc=com", attr "entry" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to all values by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= bdb_equality_candidates: (memberUid) not indexed Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=testuser,ou=Group,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=testuser,ou=Group,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Admins,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Admins,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "objectClass" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr objectClass Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "objectClass" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "cn" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr cn Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "cn" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to all values by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr gidNumber Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to all values by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr gidNumber Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "entry" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr entry Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "entry" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to all values by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (objectClass) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "objectClass" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr objectClass Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "objectClass" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result was in cache (objectClass) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result was in cache (objectClass) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (cn) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "cn" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr cn Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "cn" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (gidNumber) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr gidNumber Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "gidNumber" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: result not in cache (modifyTimestamp) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access to "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com" "modifyTimestamp" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr modifyTimestamp Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Users,ou=Groups,dc=deepsoft,dc=com", attr "modifyTimestamp" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: read access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Guests,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Guests,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Domain Computers,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Domain Computers,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Administrators,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Administrators,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Account Operators,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Account Operators,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Print Operators,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Print Operators,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Backup Operators,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Backup Operators,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=Replicators,ou=Groups,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=Replicators,ou=Groups,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=heller,ou=Group,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=heller,ou=Group,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=nslcd,ou=Group,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=nslcd,ou=Group,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "cn=sssd,ou=Group,dc=deepsoft,dc=com" "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr memberUid Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "cn=sssd,ou=Group,dc=deepsoft,dc=com", attr "memberUid" requested Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1000 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text= Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1004 fd=19 ACCEPT from IP=192.168.250.98:32894 (IP=192.168.250.98:389) Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1004 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1004 op=0 STARTTLS Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1004 op=0 RESULT oid= err=0 text= Sep 21 09:47:09 c764guest.deepsoft.com slapd[17535]: conn=1004 fd=19 closed (TLS negotiation failure) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SRCH base="dc=deepsoft,dc=com" scope=2 deref=0 filter="(&(uid=gdm)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdAttribute authorizedService accountExpires userAccountControl nsAccountLock host loginDisabled loginExpirationTime loginAllowedTimeMap sshPublicKey mail Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "dc=deepsoft,dc=com" "entry" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr entry Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "dc=deepsoft,dc=com", attr "entry" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to all values by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= bdb_equality_candidates: (uid) not indexed Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=testuser,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=testuser,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=root,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=root,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=nobody,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=nobody,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=test2user,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test2user,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=test3user,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=test3user,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=heller,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=heller,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=nslcd,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=nslcd,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: anonymous Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: * Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] applying read(=rscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [3] mask: read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by read(=rscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access to "uid=sssd,ou=People,dc=deepsoft,dc=com" "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_get: [2] attr uid Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: access to entry "uid=sssd,ou=People,dc=deepsoft,dc=com", attr "uid" requested Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => acl_mask: to value by "uid=sssd,ou=people,dc=deepsoft,dc=com", (=0) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= check a_dn_pat: self Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] applying write(=wrscxd) (stop) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] mask: write(=wrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by write(=wrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
(Thu Sep 21 09:18:53 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[16951]. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200be9040][23] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe! (Thu Sep 21 09:18:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200be9040][23] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200be9040][23] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200be9040][23] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'heller' matched without domain, user is heller (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): user: heller (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: sauron.deepsoft.com (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 16951 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: heller (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/heller@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [heller] not found in PAM cache. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=heller@default:-] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bed8b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bed8b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [heller@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf1bf0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1cb0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf1bf0 "ltdb_callback" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1cb0 "ltdb_timeout" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf1bf0 "ltdb_callback" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bedfa0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1670 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bedfa0 "ltdb_callback" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1670 "ltdb_timeout" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bedfa0 "ltdb_callback" (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [heller@default@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is heller@default (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [heller] added to PAM initgroup cache (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: default (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): user: heller@default (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: sauron.deepsoft.com (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 16951 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: heller (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bed2b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bed2b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][default] (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success. (Thu Sep 21 09:18:53 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 24 (Thu Sep 21 09:18:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200be9040][23] (Thu Sep 21 09:18:58 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [heller] removed from PAM initgroup cache (Thu Sep 21 09:19:01 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[16994]. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bed350][24] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe! (Thu Sep 21 09:19:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bed350][24] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bed350][24] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bed350][24] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'heller' matched without domain, user is heller (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: heller (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: sauron.deepsoft.com (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 16994 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: heller (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/heller@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [heller] not found in PAM cache. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=heller@default:-] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bed2b0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bed2b0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [heller@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf21c0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf2280 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf21c0 "ltdb_callback" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf2280 "ltdb_timeout" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf21c0 "ltdb_callback" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf0730 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf3b00 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf0730 "ltdb_callback" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf3b00 "ltdb_timeout" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf0730 "ltdb_callback" (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [heller@default@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is heller@default (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [heller] added to PAM initgroup cache (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: default (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: heller@default (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sshd (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: sauron.deepsoft.com (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 16994 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: heller (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bf1ca0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:heller@default@default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bf1ca0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][default] (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success. (Thu Sep 21 09:19:01 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 24 (Thu Sep 21 09:19:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bed350][24] (Thu Sep 21 09:19:06 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [heller] removed from PAM initgroup cache (Thu Sep 21 09:19:53 2017) [sssd[pam]] [idle_handler] (0x2000): Terminating idle client [0x7f9200be9040][23] (Thu Sep 21 09:19:53 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7f9200be9040][23] (Thu Sep 21 09:20:01 2017) [sssd[pam]] [idle_handler] (0x2000): Terminating idle client [0x7f9200bed350][24] (Thu Sep 21 09:20:01 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7f9200bed350][24] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[17137]. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe! (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'pcp' matched without domain, user is pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: crond (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: cron (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17137 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/pcp@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [pcp] not found in PAM cache. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=pcp@default:-] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bf1990 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bf1990 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [pcp@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf1e30 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1ef0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf1e30 "ltdb_callback" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1ef0 "ltdb_timeout" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf1e30 "ltdb_callback" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/pcp] to negative cache (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 8 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_cmd_close_session] (0x0100): entering pam_cmd_close_session (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'pcp' matched without domain, user is pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: crond (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: cron (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17137 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: pcp (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/pcp@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [pcp] not found in PAM cache. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=pcp@default:-] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bf1990 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bf1990 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [pcp@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf1e30 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1ef0 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf1e30 "ltdb_callback" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1ef0 "ltdb_timeout" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf1e30 "ltdb_callback" (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/pcp] to negative cache (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module. (Thu Sep 21 09:25:01 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 8 (Thu Sep 21 09:25:01 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf1bd0][23] (Thu Sep 21 09:25:01 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Thu Sep 21 09:25:01 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7f9200bf1bd0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[17208]. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe! (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_cmd_open_session] (0x0100): entering pam_cmd_open_session (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'pcp' matched without domain, user is pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_OPEN_SESSION (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: crond (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: cron (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17208 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/pcp@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [pcp] not found in PAM cache. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=pcp@default:-] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bf04b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bf04b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [pcp@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf1e80 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1f40 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf1e80 "ltdb_callback" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1f40 "ltdb_timeout" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf1e80 "ltdb_callback" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/pcp] to negative cache (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 8 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_cmd_close_session] (0x0100): entering pam_cmd_close_session (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'pcp' matched without domain, user is pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_CLOSE_SESSION (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): user: pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): service: crond (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: cron (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17208 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: pcp (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/pcp@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [pcp] not found in PAM cache. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=pcp@default:-] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7f9200bf04b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7f9200bf04b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7f9200bdf5b0 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 1 errno: 11 error message: Init group lookup failed (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_check_user_dp_callback] (0x0040): Unable to get information from Data Provider (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [pcp@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7f9200bf1e80 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7f9200bf1f40 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7f9200bf1e80 "ltdb_callback" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7f9200bf1f40 "ltdb_timeout" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7f9200bf1e80 "ltdb_callback" (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/pcp] to negative cache (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [10]: User not known to the underlying authentication module. (Thu Sep 21 09:28:01 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 8 (Thu Sep 21 09:28:01 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f91feb07030:3:pcp@default@default] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f9200bf03e0][23] (Thu Sep 21 09:28:01 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Thu Sep 21 09:28:01 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7f9200bf03e0][23] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_remove_watch] (0x2000): 0x7f9200be0310/0x7f9200bdf130 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_remove_watch] (0x2000): 0x7f9200be0310/0x7f9200bdf0e0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [orderly_shutdown] (0x0010): SIGTERM: killing children (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_responder_ctx_destructor] (0x0400): Responder is being shut down (Thu Sep 21 09:46:10 2017) [sssd[pam]] [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb (Thu Sep 21 09:46:10 2017) [sssd[pam]] [confdb_get_domain_internal] (0x0400): No enumeration for [default]! (Thu Sep 21 09:46:10 2017) [sssd[pam]] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_init_connection] (0x0400): Adding connection 0x7ff3c2188be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_add_watch] (0x2000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.sssd.service with path /org/freedesktop/sssd/service (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_conn_register_path] (0x0400): Registering object path /org/freedesktop/sssd/service with D-Bus connection (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/service (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_opath_hash_add_iface] (0x0400): Registering interface org.freedesktop.DBus.Introspectable with path /org/freedesktop/sssd/service (Thu Sep 21 09:46:10 2017) [sssd[pam]] [monitor_common_send_id] (0x0100): Sending ID: (pam,1) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c218b760 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_names_init_from_args] (0x0100): Using re [(?P<name>[^@]+)@?(?P<domain>[^@]*$)]. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s]. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_init_connection] (0x0400): Adding connection 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_add_watch] (0x2000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [rdp_message_send_internal] (0x0400): DP Request: /org/freedesktop/sssd/dataprovider org.freedesktop.sssd.DataProvider.Client.Register (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c218de70 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sysdb_domain_init_internal] (0x0200): DB File for default: /var/lib/sss/db/cache_default.ldb (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sysdb_domain_init_internal] (0x0200): Timestamp file for default: /var/lib/sss/db/timestamps_default.ldb (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c21906d0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2190790 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c21906d0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2190790 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c21906d0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x0400): asq: Unable to register control with rootdse! (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2190870 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2190930 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2190870 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2190930 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2190870 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2190ad0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2190b90 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2190ad0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2190b90 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2190ad0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2192050 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2192110 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2192050 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2192110 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2192050 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): no modules required by the db (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): No modules specified for this database (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2192110 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c21921d0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2192110 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c21921d0 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2192110 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c21922b0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2192370 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c21922b0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2192370 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c21922b0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_process_init] (0x0400): Responder Initialization complete (Thu Sep 21 09:46:10 2017) [sssd[pam]] [get_trusted_uids] (0x0400): All UIDs are allowed. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/root@default] to negative cache permanently (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/GROUP/default/root@default] to negative cache permanently (Thu Sep 21 09:46:10 2017) [sssd[pam]] [responder_set_fd_limit] (0x0100): Maximum file descriptors set to [8192] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7ff3c1a268f0:domains@default] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [default][] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c2191be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7ff3c1a268f0:domains@default] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c2188be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c2188be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2188050 (17), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218b0c0/0x7ff3c2189c40 (17), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c4e0 (18), R/- (enabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 0x7ff3c218d6c0/0x7ff3c218c490 (18), -/W (disabled) (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c218b760 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c2188be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [id_callback] (0x0100): Got id ack and version (1) from Monitor (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c218de70 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c2191be0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [rdp_process_pending_call] (0x0400): DP Success (Thu Sep 21 09:46:10 2017) [sssd[pam]] [rdp_register_client_done] (0x0400): Client is registered with DP (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.NotSupported] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2192a80 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2194cc0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2192a80 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2194cc0 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2192a80 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c21929c0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2192a80 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c21929c0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2192a80 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c21929c0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c218e1a0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c218bcc0 (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c218e1a0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c218bcc0 "ltdb_timeout" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c218e1a0 "ltdb_callback" (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/default/root@default] to negative cache permanently (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'root' matched without domain, user is root (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): Adding [NCE/GROUP/default/root@default] to negative cache permanently (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7ff3c1a268f0:domains@default] (Thu Sep 21 09:46:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[513] pid[17575]. (Thu Sep 21 09:46:27 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected! (Thu Sep 21 09:46:27 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:46:27 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'test2user' matched without domain, user is test2user (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17575 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/test2user@default] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [test2user] not found in PAM cache. (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=test2user@default:-] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c21880a0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c21880a0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [test2user@default] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2196940 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c219a2d0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2196940 "ltdb_callback" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c219a2d0 "ltdb_timeout" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2196940 "ltdb_callback" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2195d40 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c219bb90 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2195d40 "ltdb_callback" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c219bb90 "ltdb_timeout" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2195d40 "ltdb_callback" (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [test2user@default@default] (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is test2user@default (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [test2user] added to PAM initgroup cache (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: default (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user@default (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17575 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c218b760 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Thu Sep 21 09:46:27 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:28 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c218b760 (Thu Sep 21 09:46:28 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:28 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:28 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][default] (Thu Sep 21 09:46:28 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Thu Sep 21 09:46:28 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 24 (Thu Sep 21 09:46:28 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:28 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c2195210][23] (Thu Sep 21 09:46:28 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Thu Sep 21 09:46:28 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7ff3c2195210][23] (Thu Sep 21 09:46:32 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [test2user] removed from PAM initgroup cache (Thu Sep 21 09:46:33 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[513] pid[17576]. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected! (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'test2user' matched without domain, user is test2user (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17576 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/test2user@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [test2user] not found in PAM cache. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=test2user@default:-] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c2195280 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c2195280 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [test2user@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c21967d0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c2196890 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c21967d0 "ltdb_callback" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c2196890 "ltdb_timeout" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c21967d0 "ltdb_callback" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c2191330 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c218fd10 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c2191330 "ltdb_callback" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c218fd10 "ltdb_timeout" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c2191330 "ltdb_callback" (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [test2user@default@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is test2user@default (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [test2user] added to PAM initgroup cache (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: default (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user@default (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17576 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c21952c0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c21952c0 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][default] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Thu Sep 21 09:46:33 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 24 (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:33 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Thu Sep 21 09:46:33 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7ff3c219bae0][23] (Thu Sep 21 09:46:38 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [test2user] removed from PAM initgroup cache (Thu Sep 21 09:47:09 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[513] pid[17586]. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected! (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3]. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3]. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'test2user' matched without domain, user is test2user (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17586 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/default/test2user@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [test2user] not found in PAM cache. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [default][0x3][BE_REQ_INITGROUPS][1][name=test2user@default:-] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c218a2b0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c218a2b0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [test2user@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c218da40 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c218db00 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c218da40 "ltdb_callback" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c218db00 "ltdb_timeout" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c218da40 "ltdb_callback" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7ff3c219bb60 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7ff3c219b940 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x7ff3c219bb60 "ltdb_callback" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x7ff3c219b940 "ltdb_timeout" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x7ff3c219bb60 "ltdb_callback" (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [test2user@default@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): User's primary name is test2user@default (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [test2user] added to PAM initgroup cache (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data: (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: default (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): user: test2user@default (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): service: su-l (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: pts/0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: heller (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 17586 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: test2user (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x7ff3c2190d20 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7ff3c1a25030:3:test2user@default@default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x7ff3c2190d20 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7ff3c218c960 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][default] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Thu Sep 21 09:47:09 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 24 (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:09 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Thu Sep 21 09:47:09 2017) [sssd[pam]] [client_close_fn] (0x2000): Terminated client [0x7ff3c21915e0][23] (Thu Sep 21 09:47:14 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [test2user] removed from PAM initgroup cache
What am I missing here?
At Wed, 20 Sep 2017 19:30:17 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= dieter@dkluenter.de wrote:
Am Wed, 20 Sep 2017 12:32:37 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com:
OK, I fixed the ACLs (I think), but it is still not working. I turned on verbose debugging for sssd[pam] and moderate debugging for slapd. =20 Here are my ACLs in /etc/openldap/slapd.d/cn=3Dconfig/olcDatabase=3D{2}hdb.ldif: =20 olcAccess: {0}to attrs=3DuserPassword by self write by anonymous auth by dn=3Duid=3Dheller,ou=3DPeople,dc=3Ddeepsoft,dc=3Dcom write by * none olcAccess: {1}to * by dn=3Duid=3Dheller,ou=3DPeople,dc=3Ddeepsoft,dc=3Dcom write by * read =20 There are also these olcAccess entries: =20 in /etc/openldap/slapd.d/cn=3Dconfig/olcDatabase=3D{0}config.ldif: =20 olcAccess: {0}to * by dn.base=3D"gidNumber=3D0+uidNumber=3D0,cn=3Dpeercred,cn=3Dextern al,cn=3D=
auth"
manage by * none =20 and in /etc/openldap/slapd.d/cn=3Dconfig/olcDatabase=3D{1}monitor.ldif: =20 olcAccess: {0}to * by dn.base=3D"gidNumber=3D0+uidNumber=3D0,cn=3Dpeercred,cn=3Dextern al,cn=3D=
auth"
read by dn.base=3D"cn=3DManager,dc=3Ddeepsoft,dc=3Dcom" read by * none
[...]
You may run slapd in debugging mode 128.
-Dieter
--=20 Dieter Kl=C3=BCnter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53=C2=B037'09,95"N 10=C2=B008'02,42"E
Am Thu, 21 Sep 2017 10:01:48 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com: [...]
Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <= acl_mask: [1] mask: write(=wrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => slap_access_allowed: search access granted by write(=wrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: => access_allowed: search access granted by write(=wrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=1000 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
[...]
You should find out why operation 11 results in 0 entries.
-Dieter
At Fri, 22 Sep 2017 10:47:29 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= dieter@dkluenter.de wrote:
Am Thu, 21 Sep 2017 10:01:48 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com: [...]
Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <=3D acl_mask: [1] mask: write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: =3D> slap_access_allowed: search access granted by write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: =3D> access_allowed: search access granted by write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=3D1000 op=3D11 SEARCH RESULT tag=3D101 err=3D0 nentries=3D0 text=3D
[...]
You should find out why operation 11 results in 0 entries.
Operation 11 *seems* to be fetching the uid, using self, which has write access, which implies read access, which seems to work just fine, using ldapsearch from the command line:
[heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid Enter LDAP Password: dn: uid=test2user,ou=People,dc=deepsoft,dc=com uid: test2user
I don't know what is going on here.
Also: there is a "TLS negotiation failure" failure. I have not even enabled TLS and/or ssl. At least I don't think I have it enabled. I *think* I have it disabled everywhere. I want to test things without messing with creating a SSL Cert (none of this is anything close to a public facing production environment). I have ldap_id_use_start_tls set to false in /etc/sssd/sssd.conf -- is there some other option I need to set?
Is there any change that selinux is having any effect? Selinux can be pesky at times.
-Dieter
--=20 Dieter Kl=C3=BCnter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53=C2=B037'09,95"N 10=C2=B008'02,42"E
On Fri, Sep 22, 2017 at 10:45 AM, Robert Heller heller@deepsoft.com wrote:
At Fri, 22 Sep 2017 10:47:29 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= < dieter@dkluenter.de> wrote:
Am Thu, 21 Sep 2017 10:01:48 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com: [...]
Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <=3D acl_mask:
[1]
mask: write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: =3D> slap_access_allowed: search access granted by write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: =3D> access_allowed: search access granted by write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=3D1000 op=3D11
SEARCH
RESULT tag=3D101 err=3D0 nentries=3D0 text=3D
[...]
You should find out why operation 11 results in 0 entries.
Operation 11 *seems* to be fetching the uid, using self, which has write access, which implies read access, which seems to work just fine, using ldapsearch from the command line:
[heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid Enter LDAP Password: dn: uid=test2user,ou=People,dc=deepsoft,dc=com uid: test2user
I haven't checked your logs, so apologies if the answers to my points are in there.
Is your search above the same search done by the tool? Consider: - base: where does the search start? dc=deepsoft,dc=com? ou=People? - type of search: base, one, sub - search filter: is (uid=test2user) the only filter? Usually there are objectClass filters together with that
Am 22.09.2017 um 15:45 schrieb Robert Heller:
At Fri, 22 Sep 2017 10:47:29 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= dieter@dkluenter.de wrote:
Am Thu, 21 Sep 2017 10:01:48 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com: [...]
Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <=3D acl_mask: [1] mask: write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: =3D> slap_access_allowed: search access granted by write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: =3D> access_allowed: search access granted by write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=3D1000 op=3D11 SEARCH RESULT tag=3D101 err=3D0 nentries=3D0 text=3D
[...]
You should find out why operation 11 results in 0 entries.
Operation 11 *seems* to be fetching the uid, using self, which has write access, which implies read access, which seems to work just fine, using ldapsearch from the command line:
[heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid Enter LDAP Password: dn: uid=test2user,ou=People,dc=deepsoft,dc=com uid: test2user
I don't know what is going on here.
Also: there is a "TLS negotiation failure" failure. I have not even enabled TLS and/or ssl. At least I don't think I have it enabled. I *think* I have it disabled everywhere. I want to test things without messing with creating a SSL Cert (none of this is anything close to a public facing production environment). I have ldap_id_use_start_tls set to false in /etc/sssd/sssd.conf -- is there some other option I need to set?
Ok, if you use auth_provider = ldap in your sssd SSL/TLS is a must. IMHO it isn't possible to get it work without.
best regards Michael
Is there any change that selinux is having any effect? Selinux can be pesky at times.
-Dieter
--=20 Dieter Kl=C3=BCnter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53=C2=B037'09,95"N 10=C2=B008'02,42"E
At Fri, 22 Sep 2017 16:34:44 +0200 m.wandel@t-online.de wrote:
Am 22.09.2017 um 15:45 schrieb Robert Heller:
At Fri, 22 Sep 2017 10:47:29 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= dieter@dkluenter.de wrote:
Am Thu, 21 Sep 2017 10:01:48 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com: [...]
Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <=3D acl_mask: [1] mask: write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: =3D> slap_access_allowed: search access granted by write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: =3D> access_allowed: search access granted by write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=3D1000 op=3D11 SEARCH RESULT tag=3D101 err=3D0 nentries=3D0 text=3D
[...]
You should find out why operation 11 results in 0 entries.
Operation 11 *seems* to be fetching the uid, using self, which has write access, which implies read access, which seems to work just fine, using ldapsearch from the command line:
[heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid Enter LDAP Password: dn: uid=test2user,ou=People,dc=deepsoft,dc=com uid: test2user
I don't know what is going on here.
Also: there is a "TLS negotiation failure" failure. I have not even enabled TLS and/or ssl. At least I don't think I have it enabled. I *think* I have it disabled everywhere. I want to test things without messing with creating a SSL Cert (none of this is anything close to a public facing production environment). I have ldap_id_use_start_tls set to false in /etc/sssd/sssd.conf -- is there some other option I need to set?
Ok, if you use auth_provider = ldap in your sssd SSL/TLS is a must. IMHO it isn't possible to get it work without.
Yesh :-(. Now I have to get the SSL/TLS working... I have a cert now, but it is own my own CA and I am not sure how to get that to work...
best regards Michael
Is there any change that selinux is having any effect? Selinux can be pesky at times.
-Dieter
--=20 Dieter Kl=C3=BCnter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53=C2=B037'09,95"N 10=C2=B008'02,42"E
openldap-technical@openldap.org