On 11/6/25 5:01 AM, Alexey Tikhonov wrote:
On Wed, Nov 5, 2025 at 3:53 PM Prentice Bisbal via sssd-users
<[email protected]> wrote:
Yesterday we upgrade some of our systems to OpenSuSE 15.6. We have
sssd configured to to enumate, but when I do 'getent passwd, I get
only the contents of /etc/passwd, a hang for 3-5 seconds, and then
the command ends w/o any of our user information from LDAP. using
strace, I see getent is failing with this error:
connect(3, {sa_family=AF_UNIX, sun_path="/var/lib/sss/pipes/nss"},
110) = -1 ECONNREFUSED (Connection refused)
Even with logging turned all the way up, the only message I see in
the logs is this:
(2025-11-04 16:51:16): [sssd] [svc_child_info] (0x0020): Child
[71156] ('nss':'nss') was terminated by own WATCHDOG
Look into 'sssd_nss.log' -- what does it hang on - last message
before "2025-11-04 16:51:16"
But if your directory is big then an attempt to make enumeration work
is desperate.
Yes, this work may be desperate, especially since future versions of
SSSD won't support enumeration at all, and we recognize this may not be
worth debugging any further, but curiosity has got the better of me.
From that particular event, all I see is this:
(2025-11-04 16:51:16): [nss] [server_setup] (0x3f7c0): Starting with
debug level = 0x0070
Which is consistent with what I think it is happening. The sssd_nss is
crashing, and then restarting, and at the active log level at the time,
all it shows is the daemon restarting after crashing. Debug_level=9
produces a lot to sift through, so I have it at 7 right now. It still
crashes with and the produces a line like above about starting, but
these are the 3 lines right before that happens:
(2025-11-06 14:15:16): [nss] [cache_req_search_cache] (0x0400): [CID#19]
CR #140: Looking up [Users enumeration] in cache
(2025-11-06 14:15:16): [nss] [sysdb_enumpwent_filter] (0x1000): [CID#19]
Searching timestamp cache with [(objectCategory=user)]
(2025-11-06 14:15:16): [nss] [sysdb_enumpwent_filter] (0x1000): [CID#19]
Searching timestamp entries with
[(|(dn=name=USERNAME@ldap,cn=users,cn=LDAP,cn=sysdb)...
That last line is a really, really, really long line that appears to
include every username in our directory. I'm mainly pursuing this
because this didn't happen with our earlier version of sssd (OpenSuSE
15.4), so I'm wondering/curious if this is a problem with the our
directory size, a "new feature" in sssd 2.9.3, or a bug.
Prentice
--
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
