New users added to OpenLDAP are not able to authenticate on clients.

Solution Unverified - Updated -

Issue

  • ssh authentication works for users who previously connected to the server.
  • New users added to LDAP cannot connect.
  • ldapsearch returns the correct values for all users, and they are in the same OU.

Example of id output:

  • For a working user:
[root@hostname ~]# id user
uid=1234567(user) gid=1234567 groups=1234567,10(wheel),11111(group1),222222(group2)
[root@hostname ~]# ldapsearch (...) "uid=user"
dn: uid=user,ou=users,dc=example,dc=com
uid: user
...
uidNumber: 1234567
gidNumber: 1234567
  • For a non-working user:
[root@hostname ~]# id userko
id: userko: no such user
[root@hostname ~]# ldapsearch (...) "uid=userko"
dn: uid=userko,ou=users,dc=example,dc=com
uid: user
...
uidNumber: 12345678912
gidNumber: 12345678912
  • In the sssd debug log you can find the following messages:
(Tue Jan  1 00:00:00 2023) [sssd[be[default]]] [sdap_save_user] (0x0020): Cannot retrieve UID for [userko@default] in domain [default].
(Tue Jan  1 00:00:00 2023) [sssd[be[default]]] [sdap_save_user] (0x0020): Failed to save user [userko@default]
(Tue Jan  1 00:00:00 2023) [sssd[be[default]]] [sdap_save_users] (0x0040): Failed to store user 0. Ignoring.
(Tue Jan  1 00:00:00 2023) [sssd[be[default]]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
(Tue Jan  1 00:00:00 2023) [sssd[be[default]]] [sdap_get_users_done] (0x4000): Saving 1 Users - Done
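
The check below is an added example, not part of the original article: it reads ldapsearch LDIF output and flags entries whose uidNumber or gidNumber does not fit the 32-bit unsigned uid_t/gid_t used on Linux, as with the 12345678912 value of the non-working user above. Treating that as the reason for the sdap_save_user failure is an assumption; the function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag LDIF entries whose uidNumber/gidNumber cannot be
# represented in the 32-bit unsigned uid_t/gid_t used by Linux.
MAX_ID=4294967295   # 2^32 - 1

# Reads LDIF (as printed by ldapsearch) on stdin and prints one line per
# offending attribute: "<dn> <attribute> <value>".
check_ldif_ids() {
    awk -v max="$MAX_ID" '
        /^dn: / { dn = substr($0, 5); next }
        /^(uidNumber|gidNumber): / {
            attr = $1; sub(/:$/, "", attr)
            val = $2
            # Non-numeric, negative, or larger than 2^32 - 1 is unusable.
            # The length test catches values too long to compare exactly.
            if (val !~ /^[0-9]+$/ || length(val) > 10 || val + 0 > max)
                printf "%s %s %s\n", dn, attr, val
        }
    '
}

# Constructed sample input modelled on the two entries shown above.
sample_ldif() {
    cat <<'EOF'
dn: uid=user,ou=users,dc=example,dc=com
uid: user
uidNumber: 1234567
gidNumber: 1234567

dn: uid=userko,ou=users,dc=example,dc=com
uid: userko
uidNumber: 12345678912
gidNumber: 12345678912
EOF
}

# Real use (hypothetical invocation): ldapsearch (...) "uid=*" | check_ldif_ids
sample_ldif | check_ldif_ids
```
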

Environment

  • Red Hat Enterprise Linux
  • External LDAP for centralizing users (e.g. OpenLDAP)
