> On 29 Aug 2017, at 16:27, Mukund <mukundarama...@agilisium.com> wrote: > > Hi > > I am trying to configure SSSD in all the datanodes and namenodes on a HDP > cluster. Following is my config. > > The local group id and LDAP group id created by SSSD are conflicting because > of which certain functionalities are not working as desired. > > I have configured as follows: and getting the error given below the config: > > > [sssd] > config_file_version = 2 > services = nss, pam > domains = LDAP > reconnection_retries = 3 > debug_level = 4 > > [nss] > filter_users = root,centos,ec2-user > filter_groups = root > reconnection_retries = 3 > debug_level = 4 > > [pam] > reconnection_retries = 3 > > [domain/LDAP1] > id_provider = ldap > auth_provider = ldap > ldap_schema = rfc2307 > ldap_uri = <uri> > ldap_default_bind_dn = cn=admin,dc=gtm,dc=juniper,dc=net > ldap_default_authtok = <pwd> > ldap_default_authtok_type = password > ldap_search_base = dc=gtm,dc=juniper,dc=net > ldap_user_search_base = ou=users,dc=gtm,dc=juniper,dc=net > ldap_group_search_base = ou=groups,dc=gtm,dc=juniper,dc=net > ldap_user_object_class = posixAccount > ldap_user_gecos = cn > ldap_tls_reqcert = hard > ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt > ldap_id_use_start_tls = false > debug_level = 7 > override_shell = /bin/bash > cache_credentials = true > min_id = 5000 > max_id = 25000
Well, these two parametres specify the valid range for the IDs coming from the remote source. Can you check the uidNumber and gidNumber of ambari-qa and whether is it within this range? > enumerate = false > > Error > > (Tue Aug 29 14:24:12 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0040): User > [ambari-qa] filtered out! (uid out of range) > (Tue Aug 29 14:24:12 2017) [sssd[be[LDAP]]] [sdap_save_user] (0x0020): Failed > to save user [ambari-qa] > > > is there a way to overcome this error. Any way to have the uid in range? > > Any help is greatly appreciated. > > Regards > Mukund > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org