SSSD / sssd

A daemon to manage identity, authentication and authorization for centrally-managed systems.
https://sssd.io
GNU General Public License v3.0

sssd requires lc_ctype to be set as en_US #7397

Open ekare opened 5 months ago

ekare commented 5 months ago
root@x1:~# export LC_ALL=tr_TR.UTF-8
root@x1:~# sssd -d9 -i
[sssd] [check_file] (0x0400): lstat for [/run/sssd.pid] failed: [2][No such file or directory].
[sssd] [check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory].
[sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
[sssd] [sss_confdb_create_ldif] (0x0400): Processing config section [sssd]
[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [domains]
[sssd] [sss_confdb_create_ldif] (0x4000): domains: lab2.local

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [config_file_version]
[sssd] [sss_confdb_create_ldif] (0x4000): config_file_version: 2

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [services]
[sssd] [sss_confdb_create_ldif] (0x4000): services: nss, pam

[sssd] [sss_confdb_create_ldif] (0x4000): Section dn
dn: cn=sssd,cn=config
cn: sssd
domains: lab2.local
config_file_version: 2
services: nss, pam

[sssd] [sss_confdb_create_ldif] (0x0400): Processing config section [domain/lab2.local]
[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [default_shell]
[sssd] [sss_confdb_create_ldif] (0x4000): default_shell: /bin/bash

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [krb5_store_password_if_offline]
[sssd] [sss_confdb_create_ldif] (0x4000): krb5_store_password_if_offline: True

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [cache_credentials]
[sssd] [sss_confdb_create_ldif] (0x4000): cache_credentials: True

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [krb5_realm]
[sssd] [sss_confdb_create_ldif] (0x4000): krb5_realm: LAB2.LOCAL

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [realmd_tags]
[sssd] [sss_confdb_create_ldif] (0x4000): realmd_tags: manages-system joined-with-adcli

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [id_provider]
[sssd] [sss_confdb_create_ldif] (0x4000): id_provider: ad

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [fallback_homedir]
[sssd] [sss_confdb_create_ldif] (0x4000): fallback_homedir: /home/%u@%d

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [ad_domain]
[sssd] [sss_confdb_create_ldif] (0x4000): ad_domain: lab2.local

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [use_fully_qualified_names]
[sssd] [sss_confdb_create_ldif] (0x4000): use_fully_qualified_names: True

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [ldap_id_mapping]
[sssd] [sss_confdb_create_ldif] (0x4000): ldap_id_mapping: True

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [access_provider]
[sssd] [sss_confdb_create_ldif] (0x4000): access_provider: ad

[sssd] [sss_confdb_create_ldif] (0x4000): Section dn
dn: cn=lab2.local,cn=domain,cn=config
cn: lab2.local
default_shell: /bin/bash
krb5_store_password_if_offline: True
cache_credentials: True
krb5_realm: LAB2.LOCAL
realmd_tags: manages-system joined-with-adcli
id_provider: ad
fallback_homedir: /home/%u@%d
ad_domain: lab2.local
use_fully_qualified_names: True
ldap_id_mapping: True
access_provider: ad

[sssd] [confdb_init_db] (0x0100): LDIF file to import:
dn: cn=config
version: 2

dn: cn=sssd,cn=config
cn: sssd
domains: lab2.local
config_file_version: 2
services: nss, pam

dn: cn=lab2.local,cn=domain,cn=config
cn: lab2.local
default_shell: /bin/bash
krb5_store_password_if_offline: True
cache_credentials: True
krb5_realm: LAB2.LOCAL
realmd_tags: manages-system joined-with-adcli
id_provider: ad
fallback_homedir: /home/%u@%d
ad_domain: lab2.local
use_fully_qualified_names: True
ldap_id_mapping: True
access_provider: ad

[sssd] [confdb_ensure_files_domain] (0x0100): The implicit files domain is disabled
[sssd] [confdb_expand_app_domains] (0x2000): lab2.local is not an app domain
[sssd] [confdb_init_domain_provider_and_enum] (0x0400): No enumeration for [lab2.local]!
[sssd] [confdb_init_domain_provider_and_enum] (0x0400): Please note that when enumeration is disabled `getent passwd` does not return all users by design. See sssd.conf man page for more detailed information
[sssd] [confdb_init_domain_pwd_expire] (0x1000): pwd_expiration_warning is -1
[sssd] [become_user] (0x0200): Trying to become user [0][0].
[sssd] [become_user] (0x0200): Already user [0].
[sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
(2024-05-28  8:55:44): [sssd] [server_setup] (0x3f7c0): Starting with debug level = 0x2f7f0
(2024-05-28  8:55:44): [sssd] [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb
(2024-05-28  8:55:44): [sssd] [confdb_get_domains] (0x0020): No domains configured, fatal error!
(2024-05-28  8:55:44): [sssd] [main] (0x0010): No domains configured.

When we set just LC_CTYPE to en_US.UTF-8:

root@x1:~# locale
LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE=en_US.UTF-8
LC_NUMERIC=tr_TR.UTF-8
LC_TIME=tr_TR.UTF-8
LC_COLLATE=tr_TR.UTF-8
LC_MONETARY=tr_TR.UTF-8
LC_MESSAGES=tr_TR.UTF-8
LC_PAPER=tr_TR.UTF-8
LC_NAME=tr_TR.UTF-8
LC_ADDRESS=tr_TR.UTF-8
LC_TELEPHONE=tr_TR.UTF-8
LC_MEASUREMENT=tr_TR.UTF-8
LC_IDENTIFICATION=tr_TR.UTF-8
LC_ALL=
root@x1:~# sssd -d9 -i
[sssd] [check_file] (0x0400): lstat for [/run/sssd.pid] failed: [2][No such file or directory].
[sssd] [check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory].
[sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
[sssd] [sss_confdb_create_ldif] (0x0400): Processing config section [sssd]
[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [domains]
[sssd] [sss_confdb_create_ldif] (0x4000): domains: lab2.local

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [config_file_version]
[sssd] [sss_confdb_create_ldif] (0x4000): config_file_version: 2

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [services]
[sssd] [sss_confdb_create_ldif] (0x4000): services: nss, pam

[sssd] [sss_confdb_create_ldif] (0x4000): Section dn
dn: cn=sssd,cn=config
cn: sssd
domains: lab2.local
config_file_version: 2
services: nss, pam

[sssd] [sss_confdb_create_ldif] (0x0400): Processing config section [domain/lab2.local]
[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [default_shell]
[sssd] [sss_confdb_create_ldif] (0x4000): default_shell: /bin/bash

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [krb5_store_password_if_offline]
[sssd] [sss_confdb_create_ldif] (0x4000): krb5_store_password_if_offline: True

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [cache_credentials]
[sssd] [sss_confdb_create_ldif] (0x4000): cache_credentials: True

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [krb5_realm]
[sssd] [sss_confdb_create_ldif] (0x4000): krb5_realm: LAB2.LOCAL

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [realmd_tags]
[sssd] [sss_confdb_create_ldif] (0x4000): realmd_tags: manages-system joined-with-adcli

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [id_provider]
[sssd] [sss_confdb_create_ldif] (0x4000): id_provider: ad

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [fallback_homedir]
[sssd] [sss_confdb_create_ldif] (0x4000): fallback_homedir: /home/%u@%d

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [ad_domain]
[sssd] [sss_confdb_create_ldif] (0x4000): ad_domain: lab2.local

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [use_fully_qualified_names]
[sssd] [sss_confdb_create_ldif] (0x4000): use_fully_qualified_names: True

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [ldap_id_mapping]
[sssd] [sss_confdb_create_ldif] (0x4000): ldap_id_mapping: True

[sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [access_provider]
[sssd] [sss_confdb_create_ldif] (0x4000): access_provider: ad

[sssd] [sss_confdb_create_ldif] (0x4000): Section dn
dn: cn=lab2.local,cn=domain,cn=config
cn: lab2.local
default_shell: /bin/bash
krb5_store_password_if_offline: True
cache_credentials: True
krb5_realm: LAB2.LOCAL
realmd_tags: manages-system joined-with-adcli
id_provider: ad
fallback_homedir: /home/%u@%d
ad_domain: lab2.local
use_fully_qualified_names: True
ldap_id_mapping: True
access_provider: ad

[sssd] [confdb_init_db] (0x0100): LDIF file to import:
dn: cn=config
version: 2

dn: cn=sssd,cn=config
cn: sssd
domains: lab2.local
config_file_version: 2
services: nss, pam

dn: cn=lab2.local,cn=domain,cn=config
cn: lab2.local
default_shell: /bin/bash
krb5_store_password_if_offline: True
cache_credentials: True
krb5_realm: LAB2.LOCAL
realmd_tags: manages-system joined-with-adcli
id_provider: ad
fallback_homedir: /home/%u@%d
ad_domain: lab2.local
use_fully_qualified_names: True
ldap_id_mapping: True
access_provider: ad

[sssd] [confdb_ensure_files_domain] (0x0100): The implicit files domain is disabled
[sssd] [confdb_expand_app_domains] (0x2000): lab2.local is not an app domain
[sssd] [confdb_init_domain_provider_and_enum] (0x0400): No enumeration for [lab2.local]!
[sssd] [confdb_init_domain_provider_and_enum] (0x0400): Please note that when enumeration is disabled `getent passwd` does not return all users by design. See sssd.conf man page for more detailed information
[sssd] [confdb_init_domain_pwd_expire] (0x1000): pwd_expiration_warning is -1
[sssd] [become_user] (0x0200): Trying to become user [0][0].

sumit-bose commented 5 months ago

Hi,

this is a known issue in libldb related to dotted and dot-less variants of the character 'i' and case-folding. This should be fixed by https://gitlab.com/samba-team/samba/-/merge_requests/2804 in libldb.

Can you check which version of libldb is installed on your system and if this version already includes the fix?

HTH

bye, Sumit
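
An illustration of the dotted/dot-less 'i' case-folding problem mentioned in the reply above, added here as an example; it is not libldb or SSSD code, and all function names are hypothetical. `turkish_fold` hard-codes the Turkish upper-casing rule so the effect is visible without a tr_TR locale installed; the sample keys are taken from the log in the report.

```c
#include <locale.h>
#include <stdio.h>
#include <wchar.h>
#include <wctype.h>

/* ASCII-only fold: independent of the process locale. */
static wchar_t ascii_fold(wchar_t c)
{
    return (c >= L'a' && c <= L'z') ? (wchar_t)(c - L'a' + L'A') : c;
}

/* Turkish upper-casing rule, hard-coded (assumption: models what a
 * Turkish locale does): i -> U+0130, U+0131 -> I, otherwise ASCII. */
static wchar_t turkish_fold(wchar_t c)
{
    if (c == L'i') return (wchar_t)0x0130;
    if (c == (wchar_t)0x0131) return L'I';
    return ascii_fold(c);
}

/* Case-insensitive key comparison with a pluggable fold; 1 means equal. */
static int keys_equal(const wchar_t *a, const wchar_t *b, wchar_t (*fold)(wchar_t))
{
    for (; *a && *b; a++, b++)
        if (fold(*a) != fold(*b))
            return 0;
    return *a == *b;
}

/* 1 if the named locale folds key differently from the ASCII rule,
 * 0 if not, -1 if the locale is unavailable. Leaves LC_CTYPE at "C". */
static int fold_differs_in(const char *locale_name, const wchar_t *key)
{
    int differs = 0;
    if (setlocale(LC_CTYPE, locale_name) == NULL)
        return -1;
    for (; *key; key++)
        if ((wchar_t)towupper((wint_t)*key) != ascii_fold(*key))
            differs = 1;
    setlocale(LC_CTYPE, "C");
    return differs;
}

int main(void)
{
    printf("tr_TR.UTF-8 differs: %d\n", fold_differs_in("tr_TR.UTF-8", L"domains"));
    printf("ascii fold match:    %d\n", keys_equal(L"domains", L"DOMAINS", ascii_fold));
    printf("turkish fold match:  %d\n", keys_equal(L"domains", L"DOMAINS", turkish_fold));
    return 0;
}
```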