Sumit Bose via sssd-users <[email protected]> writes:
> Am Wed, Dec 03, 2025 at 05:12:35PM +0800 schrieb Zhengyi Fu via sssd-users: >> I am trying to set up SSSD to authenticate against MS Entra ID but >> cannot get it to work. What specific API permissions do I need to give >> to the App to make it work? > > Hi, > > I use 'Group.Read.All', 'User.Read.All', 'GroupMember.Read.All' and > 'User.Read'. Hi Summit, Thank you. But I still got 403 errors when SSSD searches for the user. The following logs were generated when the error occurs. Sensitive information in the logs is masked. (2025-12-05 10:09:55): [be[<DOMAIN>]] [_write_pipe_handler] (0x0400): [RID#5] All data has been sent! exec_child_ex command: [/usr/libexec/sssd/oidc_child] /usr/libexec/sssd/oidc_child --dumpable=1 --debug-microseconds=0 --debug-timestamps=1 --logger=stderr --backtrace=1 --debug-level=0x3f7f0 --libcurl-debug --chain-id=5 --name=test@<DOMAIN> --scope=https%3A%2F%2Fgraph.microsoft.com%2F.default --token-endpoint=https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token --client-secret-stdin --client-id=****** --idp-type=entra_id --get-user (2025-12-05 10:09:55): [oidc_child[132361]] [main] (0x0400): [CID#5] oidc_child started, running command [get-user][3] (2025-12-05 10:09:55): [oidc_child[132361]] [main] (0x2000): [CID#5] Running with effective IDs: [0][0]. (2025-12-05 10:09:55): [oidc_child[132361]] [main] (0x2000): [CID#5] Running with real IDs [0][0]. (2025-12-05 10:09:55): [oidc_child[132361]] [read_client_secret_from_stdin] (0x4000): [CID#5] Client secret: [******]. (2025-12-05 10:09:55): [oidc_child[132361]] [set_http_opts] (0x4000): [CID#5] POST data: [grant_type=client_credentials&client_id=*****&&client_secret=******&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default]. (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Host login.microsoftonline.com:443 was resolved. (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * IPv6: 2603:1047:1:168::18, 2603:1047:1:168::1f, 2603:1047:1:168::12, 2603:1047:1:168::2c, 2603:1047:1:168::1c, 2603:1047:1:168::19, 2603:1047:1:168::1b, 2603:1047:1:168::2e (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * IPv4: 40.126.35.21, 40.126.35.81, 20.190.163.19, 40.126.35.85, 40.126.35.80, 40.126.35.150, 40.126.35.87, 40.126.35.151 (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Trying 40.126.35.21:443... (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Connected to login.microsoftonline.com (40.126.35.21) port 443 (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * ALPN: curl offers h2,http/1.1 (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (OUT), TLS handshake, Client hello (1): (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * CAfile: /etc/ssl/certs/ca-certificates.crt (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * CApath: /etc/ssl/certs (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Server hello (2): (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): (2025-12-05 10:09:55): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (OUT), TLS handshake, Client hello (1): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Server hello (2): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Certificate (11): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, CERT verify (15): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Finished (20): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (OUT), TLS handshake, Finished (20): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / secp384r1 / RSASSA-PSS (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * ALPN: server accepted h2 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Server certificate: (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=stamp2.login.microsoftonline.com (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * start date: Oct 28 19:30:20 2025 GMT (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * expire date: Apr 26 19:30:20 2026 GMT (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * subjectAltName: host "login.microsoftonline.com" matched cert's "login.microsoftonline.com" (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure RSA TLS Issuing CA 08 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * SSL certificate verify ok. (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha384WithRSAEncryption (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Certificate level 1: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * using HTTP/2 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] OPENED stream for https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [:method: POST] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [:scheme: https] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [:authority: login.microsoftonline.com] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [:path: /<TENANT_ID>/oauth2/v2.0/token] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [user-agent: SSSD oidc_child/0.0] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [accept: application/json] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [content-length: 183] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [content-type: application/x-www-form-urlencoded] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: > POST /<TENANT_ID>/oauth2/v2.0/token HTTP/2 Host: login.microsoftonline.com User-Agent: SSSD oidc_child/0.0 Accept: application/json Content-Length: 183 Content-Type: application/x-www-form-urlencoded (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < HTTP/2 200 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < cache-control: no-store, no-cache (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < pragma: no-cache (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < content-type: application/json; charset=utf-8 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < expires: -1 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < strict-transport-security: max-age=31536000; includeSubDomains (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < x-content-type-options: nosniff (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < x-ms-request-id: 53c6146f-4ea5-4f3b-86c3-5cef42c71700 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < x-ms-ests-server: 2.1.22549.4 - EUS ProdSlices (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < x-ms-srs: 1.P (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < content-security-policy-report-only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-QGotYDS6nv4qa1BUN8DF8w' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < x-xss-protection: 0 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < set-cookie: fcp=*****; expires=Sun, 04-Jan-2026 02:09:53 GMT; path=/; secure; HttpOnly; SameSite=None (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < set-cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < set-cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < date: Fri, 05 Dec 2025 02:09:52 GMT (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < content-length: 1949 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < (2025-12-05 10:09:56): [oidc_child[132361]] [write_callback] (0x4000): [CID#5] {"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"<TOKEN>"} (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Connection #0 to host login.microsoftonline.com left intact (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Host graph.microsoft.com:443 was resolved. (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * IPv6: 2603:1047:1:168::82, 2603:1047:1:168::84, 2603:1047:1:168::83, 2603:1047:1:168::81 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * IPv4: 20.190.144.170, 20.190.144.172, 20.190.144.171, 20.190.144.169 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Trying 20.190.144.170:443... (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Connected to graph.microsoft.com (20.190.144.170) port 443 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * ALPN: curl offers h2,http/1.1 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (OUT), TLS handshake, Client hello (1): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * CAfile: /etc/ssl/certs/ca-certificates.crt (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * CApath: /etc/ssl/certs (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Server hello (2): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (OUT), TLS handshake, Client hello (1): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Server hello (2): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Certificate (11): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, CERT verify (15): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Finished (20): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (OUT), TLS handshake, Finished (20): (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / secp384r1 / RSASSA-PSS (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * ALPN: server accepted h2 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Server certificate: (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * subject: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; CN=graph.microsoft.com (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * start date: Nov 1 00:00:00 2025 GMT (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * expire date: Apr 30 23:59:59 2026 GMT (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * subjectAltName: host "graph.microsoft.com" matched cert's "graph.microsoft.com" (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * SSL certificate verify ok. (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha1WithRSAEncryption (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * using HTTP/2 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Server auth using Bearer with user '' (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] OPENED stream for https://graph.microsoft.com/v1.0/users?$filter=mail%20eq%20%27test%40<DOMAIN>%27%20or%20userPrincipalName%20eq%20%27test%40<DOMAIN>%27 (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [:method: GET] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [:scheme: https] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [:authority: graph.microsoft.com] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [:path: /v1.0/users?$filter=mail%20eq%20%27test%40<DOMAIN>%27%20or%20userPrincipalName%20eq%20%27test%40<DOMAIN>%27] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [authorization: Bearer <TOKEN>] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [user-agent: SSSD oidc_child/0.0] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * [HTTP/2] [1] [accept: application/json] (2025-12-05 10:09:56): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: > GET /v1.0/users?$filter=mail%20eq%20%27test%40<DOMAIN>%27%20or%20userPrincipalName%20eq%20%27test%40<DOMAIN>%27 HTTP/2 Host: graph.microsoft.com Authorization: Bearer <TOKEN> User-Agent: SSSD oidc_child/0.0 Accept: application/json (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < HTTP/2 403 (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < cache-control: no-cache (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < content-type: application/json (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < strict-transport-security: max-age=31536000 (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < request-id: c4499cf2-282b-4bf4-882d-08828faddea2 (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < client-request-id: c4499cf2-282b-4bf4-882d-08828faddea2 (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"Korea Central","Slice":"E","Ring":"4","ScaleUnit":"002","RoleInstance":"SE1PEPF00000921"}} (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < x-ms-resource-unit: 2 (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < date: Fri, 05 Dec 2025 02:09:53 GMT (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: < (2025-12-05 10:09:57): [oidc_child[132361]] [write_callback] (0x4000): [CID#5] {"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2025-12-05T02:09:53","request-id":"c4499cf2-282b-4bf4-882d-08828faddea2","client-request-id":"c4499cf2-282b-4bf4-882d-08828faddea2"}}} (2025-12-05 10:09:57): [oidc_child[132361]] [libcurl_debug_callback] (0x4000): [CID#5] libcurl: * Connection #0 to host graph.microsoft.com left intact (2025-12-05 10:09:57): [oidc_child[132361]] [do_http_request] (0x0040): [CID#5] Request failed, response code is [403]. (2025-12-05 10:09:57): [oidc_child[132361]] [entra_id_lookup] (0x0040): [CID#5] User search request failed. (2025-12-05 10:09:57): [oidc_child[132361]] [main] (0x0040): [CID#5] Id lookup failed. (2025-12-05 10:09:57): [oidc_child[132361]] [main] (0x3f7c0): [CID#5] oidc_child failed! -- _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
