Error during 'LDAP Group Look Up'

AMC · November 16, 2017, 12:40pm

Hi,

I’ve configured ManageIQ to authenticate using SAML2, with an external provider (Okta). I’m able to authenticate and login as expected but when it comes to adding a group based on an AD group it fails during the lookup:

Error during ‘LDAP Group Look Up’: Launch helper exited with unknown return code 1; caused by 3 sender=org.freedesktop.DBus -> dest=:1.19 serial=15 reply_serial=28 path=; interface=; member= error_name=org.freedesktop.DBus.Error.Spawn.ChildExited

The group exist in AD and the user is a member of that group.

running version: fine-4.20171116060428_f6f8a30

Any ideas?

saali2016 · November 18, 2017, 12:49am

Try to pull the user attribute manually to see if you getting the same error.

dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe org.freedesktop.sssd.infopipe.GetUserAttr string:dev2@dev.example.com array:string:mail,givenname,sn,displayname,fullname

AMC · December 6, 2017, 11:16am

Hi saali2016,

Thanks for the reply.

I received a timeout error:

Error org.freedesktop.DBus.Error.TimedOut: Activation of org.freedesktop.sssd.infopipe timed out

I’ve run the command you gave replacing user@domain

saali2016 · December 5, 2017, 5:43pm

Can you share your sssd.conf ?

AMC · December 6, 2017, 10:59am

Aha. I don’t have one, it seems to be missing.

I’ll start with creating one and giving it another try.

Thanks