Every once in a while with SSSD, we run into a problem where we aren't able to get user information or authenticate users. We are using ldap/kerberos against an Active Directory set up over SSL (LDAPS) and we see the following message in the logs:
encoded packet size too big (813957100 > 16777215) From what I've been able to gather, this is something to do with the cyrus-sasl package. I've also seen this error pop up when doing operations with the openldap-clients (ldapsearch, ldapmodify). I've found that by specifying the minssf and maxssf values in the ldap* operations that the operations would then succeed. I'm wondering if the same type of fix would work for SSSD? Is there a way to specify the SSF of the SASL operations that SSSD uses? Is there another workaround for this? Greg Wojtak Sr. Unix Systems Engineer Office: (313) 373-4306 Cell: (734) 718-8472 _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
