
SSSD stripping domain name from UID. Suggestions?


Hey everyone! If this isn't the right place to post just let me know and I'll move along. I'm really stumped and could use any insight at all.

I'm configuring SSSD for my LDAP/Kerberos setup. It's hitting the LDAP server just fine (I can see the request come in on the LDAP side), however, I have (what I think is) a unique situation. Our uid on LDAP contains our domain name (uid=foo@EXAMPLE.COM). On the LDAP server, a query for "foo" will fail but a query for "foo@EXAMPLE.COM" works no problem.

When I run this command:

id foo@EXAMPLE.COM

I see this in the debugging:

[sss_names_init_from_args] (0x0100): Using re [(?P<name>[@]+)@?(?P<domain>[@]*$)].

calling ldap_search_ext with [(&(uid=foo)(objectclass=posixAccount)(uid=)(&(uidNumber=)(!(uidNumber=0))))][ou=people,dc=EXAMPLE,dc=COM

Which I know fails due to running the same query on the LDAP server.

We have our uid set up like this because we have name space collision issues due to multiple offices, so each office has its own realm. But SSSD stripping out the domain is really being a pain. Does anyone know a way around this?

submitted by /u/ShotgunSenorita
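
Added example, not part of the original post and not SSSD's own code: a Python sketch of how the name/domain regex from the debug log splits `foo@EXAMPLE.COM` and why the resulting LDAP filter carries `uid=foo`. It assumes the `^` inside each character class and the `*` presence values were lost from the page's copy of the log; `split_login`, `ldap_escape`, `user_filter` and `KEEP_REALM_RE` are hypothetical names introduced here.

```python
import re

# Pattern as printed in the post's debug log, with the "^" inside each
# character class restored (assumption: the page's copy lost them).
DEFAULT_RE = r"(?P<name>[^@]+)@?(?P<domain>[^@]*$)"
# Hypothetical pattern for comparison: the whole input stays in "name".
KEEP_REALM_RE = r"(?P<name>.+)"


def split_login(pattern, login):
    """Return (name, domain) as a name/domain regex would split login."""
    m = re.fullmatch(pattern, login)
    if m is None:
        raise ValueError(f"{login!r} does not match {pattern!r}")
    groups = m.groupdict()
    return groups["name"], groups.get("domain") or None


def ldap_escape(value):
    """Escape RFC 4515 special characters in a filter assertion value."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def user_filter(name):
    # Filter shape follows the post's log; the "*" presence values are an
    # assumption (the page shows "(uid=)" and "(uidNumber=)").
    return ("(&(uid=%s)(objectclass=posixAccount)(uid=*)"
            "(&(uidNumber=*)(!(uidNumber=0))))" % ldap_escape(name))


if __name__ == "__main__":
    for pattern in (DEFAULT_RE, KEEP_REALM_RE):
        name, domain = split_login(pattern, "foo@EXAMPLE.COM")
        print(f"{pattern}\n  name={name!r} domain={domain!r}")
        print("  " + user_filter(name))
```

The second pattern is a hypothetical value of the kind the `re_expression` option in sssd.conf takes; the sketch shows only how the regex splits the string, and its behaviour inside SSSD is not tested here.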