Bug#599644: sssd: unable to resolve ldap group memberships

Juha Jäykkä Sat, 09 Oct 2010 13:18:20 -0700

Package: sssd
Version: 1.2.1-4
Severity: important


Sssd is unable to figure out memberships of groups stored in ldap. This is 
caused
by incorrect pathname somewhere within sssd.

Workaround: create a symlink.

Example:

~# id foobar
uid=1001(foobar) gid=1001(foobar) groups=1001(foobar)
~# /etc/init.d/sssd stop
~# rm -rf /var/lib/sss/db/*
~# ln -s /usr/lib /usr/modules
~#/etc/init.d/sssd start
~# id foobar
uid=1001(foobar) gid=1001(foobar) groups=1001(foobar),70000(specialgroup)
~# 

Without the symlink, the debug log of sssd will say
(Sat Oct  9 21:09:07 2010) [sssd[nss]] [ldb] (6): unable to load memberof from 
/usr/modules/ldb/memberof.so: /usr/modules/ldb/memberof.so: cannot open shared 
object file: No such file or directory

Cheers,
Juha

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.36-rc5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sssd depends on:
ii  libc-ares2        1.7.3-1                library for asyncronous name resol
ii  libc6             2.11.2-6               Embedded GNU C Library: Shared lib
ii  libcomerr2        1.41.12-2              common error description library
ii  libdbus-1-3       1.2.24-3               simple interprocess messaging syst
ii  libk5crypto3      1.8.3+dfsg-1           MIT Kerberos runtime libraries - C
ii  libkrb5-3         1.8.3+dfsg-1           MIT Kerberos runtime libraries
ii  libldap-2.4-2     2.4.23-6               OpenLDAP libraries
ii  libldb0           1:0.9.14~git20100928-1 LDAP-like embedded database - shar
ii  libnspr4-0d       4.8.6-1                NetScape Portable Runtime Library
ii  libnss3-1d        3.12.7-1               Network Security Service libraries
ii  libpam0g          1.1.1-6                Pluggable Authentication Modules l
ii  libpcre3          8.02-1.1               Perl 5 Compatible Regular Expressi
ii  libpopt0          1.16-1                 lib for parsing cmdline parameters
ii  libselinux1       2.0.96-1               SELinux runtime shared libraries
ii  libsemanage1      2.0.45-1               SELinux policy management library.
ii  libtalloc2        2.0.1-1                hierarchical pool based memory all
ii  libtdb1           1.2.1-2+b1             Trivial Database - shared library
ii  libtevent0        0.9.9~git20100928-2    talloc-based event loop library - 
ii  python            2.6.6-3                interactive high-level object-orie
ii  python-sss        1.2.1-4                Pam module for the System Security

Versions of packages sssd recommends:
ii  bind9-host             1:9.7.1.dfsg.P2-2 Version of 'host' bundled with BIN
ii  ldap-utils             2.4.23-6          OpenLDAP utilities

Versions of packages sssd suggests:
ii  libnss-sss                    1.2.1-4    Nss library for the System Securit
ii  libpam-sss                    1.2.1-4    Pam module for the System Security

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#599644: sssd: unable to resolve ldap group memberships

Reply via email to