Ok,
it looks there was a fairly simple solution to this problem and it had nothing
to do with 32bit libraries. One simply needs to add the line "enumerate = true"
tpo each domain in the sssd.conf file.
I assume that will also work for id providers other than ldap, but I
have not confirmed that. I am reading that this is not recommended for
large directory servers with many users, as it can slow down response times.
I hope this is usefull for others using Topspin/ICONNMR in a similar environment.
Holger
On 4/29/2024 4:33 PM, Frank Holger Foersterling via groups.io wrote:
> AMMRLers,
> I am using sssd krb5 and LDAP in my lab to authenticate logins to our
> Centos7 spectrometers and Fedora workstations. I am keeping all user
> information (group affiliation, numerical user and group id in an
> local LDAP server. Most logins are authenticated by krb5 through our
> campus active directory servers, but some NMR lab specific accountys
> also authenticate through my LDAP server. With sssd that works for
> users logging into the computers, and after installing the 32 bit
> sssd-client.i686 they can start up Topspin. However, ICONNMR (running
> under Topspin 3.7) sees only local system users, but none of the users
> defined in LDAP . That is both in the "Switch Users" dialog, and in
> the configuration window. All user profiles are present in
> $TS/cont/instr/spec/inmrusers, but they are not shown. Interestingly,
> the user currently logged into the system can unlock the automation
> even if it is an LDAP user, but one can not switch to a different non
> local user.
> I looked at all the libraries Bruker recommends installing and made
> sure all are installed, and if a 32 bit version was available, I also
> installed it but to no avail.
> ICONNMR will work fine and show all users if I use nslcd from the
> nss-pam-ldapd package instead (with booth 32 and 64 bit versions
> installed), but I have not been able to authenticate simultaneously
> against our campus server and my local directory server, which is why
> I tried sssd. My previous method was a combination of krb5 and nis,
> which worked fine, but with the end of life for Centos7 coming up and
> AlmaLinux no longer supportting nis I neeeeed to move to an LDAP based
> solution.
> It looks there was a similar question posted to this group a couple of
> years ago by Charly Fry, but no solution was posted, but I hope
> someone can give me a hint whether there is a solution to the problem.
> My suspicion is that there is a 32 bit library missing, but I am not sure.
>
> Thanks
> Holger
>
--
Frank H. Foersterling
Instrumentation Specialist
CHM B-10
Department of Chemistry
University of Wisconsin-Milwaukee
414-229-5896(Lab) 414-229-5035 (Teams)
holger_at_uwm.edu
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#1209): https://urldefense.com/v3/__https://ammrl.groups=
.io/g/main/message/1209__;!!PvDODwlR4mBZyAb0!QzRSJlE5K-fnNjaluhtkzk_V18zEHq=
sN9nkwARFDMVmB6yC2WGWGhusT1aZX_CaHeHufXraPiOJ-WkE$
Mute This Topic: https://urldefense.com/v3/__https://groups.io/mt/105850975=
/7559972__;!!PvDODwlR4mBZyAb0!QzRSJlE5K-fnNjaluhtkzk_V18zEHqsN9nkwARFDMVmB6=
yC2WGWGhusT1aZX_CaHeHufXraPO_TwxCQ$
Mute #nmr_aquisition_software:
https://urldefense.com/v3/__https://ammrl.gro=
ups.io/g/main/mutehashtag/nmr_aquisition_software__;!!PvDODwlR4mBZyAb0!QzRS=
JlE5K-fnNjaluhtkzk_V18zEHqsN9nkwARFDMVmB6yC2WGWGhusT1aZX_CaHeHufXraPLH2XzpU=
$
Group Owner: main+owner_at_ammrl.groups.io
-=-=-=-=-=-=-=-=-=-=-=-
Received on Wed May 01 2024 - 13:50:50 MST