I think the next good step would be to show the LDIF and logs of a resolution of a single faulty entry, e.g. 80974 which you used earlier as an example of an entry that doesn’t work.
> On 28 Feb 2018, at 01:30, Asif Iqbal <vad...@gmail.com> wrote: > > > > On Tue, Feb 27, 2018 at 1:12 PM, Asif Iqbal <vad...@gmail.com> wrote: > > > On Tue, Feb 27, 2018 at 3:37 AM, Sumit Bose <sb...@redhat.com> wrote: > On Mon, Feb 26, 2018 at 10:21:14PM -0500, Asif Iqbal wrote: > > I have 300 out of 3000 users whose /home/<username> dir shows uid and gid > > instead of username and groupname. > > > > It seems to be behaving like a bug > > > > As soon I become a user with `sudo su - username' the uid of the home dir > > changes to username but gid still does not change to groupname. > > > > I also get an error message, but still successfully become that user > > > > $ ls -ld /home/mbniels > > drwx------. 3 80974 80974 4096 Feb 27 02:15 /home/mbniels > > > > $ su - mbniels > > Last login: Tue Feb 27 02:34:04 UTC 2018 on pts/39 > > /usr/bin/id: cannot find name for group ID 80974 > > groups: cannot find name for group ID 80974 > > > > $ ls -ld /home/mbniels > > drwx------. 3 mbniels 80974 4096 Feb 27 02:15 /home/mbniels > > > > Then to check the groups of username I get another error which then gets > > cleared by next command. > > > > $ groups mbniels > > mbniels : groups: cannot find name for group ID 80974 > > 80974 users > > > > $ getent group mbniels > > mbniels:*:80974 > > > > $ groups mbniels > > mbniels : mbniels users > > > > It also fixes the gid to groupname > > > > $ ls -ld /home/mbniels/ > > drwx------. 3 mbniels mbniels 4096 Feb 27 02:15 /home/mbniels/ > > > > I noticed it reverts after may be within half an hour, not exact sure when. > > Almost behaves like `quantum entanglement'. > > As soon as I try to check by trying to become that user the issue > > disappears. > > > > This is not just cosmetic issue, when the home dir shows ownership with > > uid, instead of username, the user fails some commands. > > > > We just started noticing today, since we just built this box and only few > > months ago and users are being invited to start using this server > > > > Some annoying error it is showing like below and user then fails to ssh > > > > $ ssh remote > > No user exists for uid 80974 > > > > I am using centos 7 and sssd 1.15.2 > > > > $ cat /etc/redhat-release > > CentOS Linux release 7.4.1708 (Core) > > > > $ sssd --version > > 1.15.2 > > > > Here are some relevant logs > > https://paste.fedoraproject.org/paste/gBaZ-Vr8Urh-M5ABpaRNuA > > It looks like you are not using a plain RFC2307bis LDAP schema. Can you > send you sssd.conf and a typical LDAP user and group object? > > bye, > Sumit > > > Here is an ldap user and I using same info as group (sanitized) > > dn: uid=mbniels,ou=People,dc=example,dc=com > roomNumber: 123456 > departmentNumber: 3.11.3 > tier1: Technology > joblevel: 6 > legacycompany: G > mobile: +11234567890 > manager: uid=managerid,ou=People,dc=example,dc=com > departmentname: TESTING & INTEG > costcenter: S0019751 > companynumber: S001 > companyname: EXAMPLE COMPANY > displayName: FOO, BAR > preferredname: Mark > docshareaccess: TRUE > sAMAccountName: mbniels > l: XX > street: 123 example ave > saploginid: foobar > title: LEAD ARCHITECT > postalCode: 123456 > employeeNumber: 00112233 > mail: foo....@example.com > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > objectClass: mnetPerson > mnetid: 080974 > uid: mbniels > givenName: Mark > st: XX > cn: Foo Bar > sn: Bar > employeeType: Management > initials: X > nationnumber: USA > nationname: United States > > > > I am still looking for some help on this. > > > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org