I’m trying to get OOD working on our Ubuntu system, but running into an issue with OIDC auth.
It authenticates users properly, but when it tries to move past it, it results in the following error:
Error -- can't find group for 1543400513
Run 'nginx_stage --help' to see a full list of available command line options.
We’re using SSSD to sync groups from our AD server. 1543400513 is the “Domain Users” group that all users are a part of. How would I get around this issue? There’s no need for it to check that particular group as SSSD ignores it for the most part anyways.
Am I supposed to be running something other than update_nginx_stage to apply the user.rb change? After adding those lines, it still gives the same error
EDIT: One thing to note is that the 1543400513 group doesn’t have a group name, only the GID. Could that be the reason why it’s erroring out? It can’t grab the name?
You shouldn’t need to run anything - the program will run when you login.
I’m trying to figure out why we’re collecting the groups at all. I can’t see it being called anywhere in the codebase - so maybe we just stop making that call altogether?
Try commenting out that line here or assign it to an empty variable like @groups = [].
diff --git a/nginx_stage/lib/nginx_stage/user.rb b/nginx_stage/lib/nginx_stage/user.rb
index 6c0eb83d8..93f6ad271 100644
--- a/nginx_stage/lib/nginx_stage/user.rb
+++ b/nginx_stage/lib/nginx_stage/user.rb
@@ -63,7 +63,7 @@ module NginxStage
end
end
@group = Etc.getgrgid gid
- @groups = get_groups
+ # @groups = get_groups
end
# User's primary group name
It’s in a different spot in 3.1, but it’s still there. No I don’t think you should update to nightly because who knows what other errors you may run into.
I still receive the same error after commenting out the get_groups line. The only thing that gets the error to change is if I comment out line 37, which results in this error:
Error -- undefined method `group' for #<NginxStage::User: <user info>
It does, however, only return the 1543400513 group instead of all the secondary groups.
I get “Error – undefined method `name’ for “1543400513”:String” after applying the diff
1543400513 is your primary group?
Unfortunately, due to the way our AD servers are configured, everyone’s primary group is 1543400513. We work off of secondary groups for everything on our cluster.
Yes, the default group for everyone is the “Domain Users” acccount, which SSSD maps as 1543400513. We can’t change that since AD sets it upstream by default.
We aren’t. It’s the standard SSSD-AD+RealmD domain joining, not samba+winbind.
We’re mapping SIDs to UIDs and GIDs using ldap_id_mapping because our AD instance doesn’t provide UIDs and GIDs, but that’s the only thing (somewhat) out of the ordinary.