When user data is stored in LDAP and served to the system through SSSD, additional configuration is needed before CageFS will work with those users. By default CageFS does not see an LDAP user at all, even though the system itself resolves the account:
# id adam
uid=16859(adam) gid=100(users) groups=100(users)
# cagefsctl --enable adam
Error: user adam does not exist
The cause is that SSSD does not enumerate the LDAP domain by default. A direct lookup of a single user with pwd.getpwnam() succeeds, but pwd.getpwall(), which walks the whole passwd database the way cagefsctl does, returns no LDAP entries:
# python -c 'import pwd; print pwd.getpwall()' | grep adam
#
# python -c 'import pwd; print pwd.getpwnam("adam")'
pwd.struct_passwd(pw_name='adam', pw_passwd='*', pw_uid=16859, pw_gid=100, pw_gecos='adam', pw_dir='/home/adam', pw_shell='/bin/bash')
To fix this, set enumerate = true in the [domain/...] section of /etc/sssd/sssd.conf, restart sssd, and run cagefsctl --enable again. Note that enumeration of a large directory is expensive for both SSSD and the LDAP server (the sssd.conf man page warns of a performance impact while enumeration runs), so enable it only on hosts that actually need CageFS to list LDAP users. From sssd.conf(5):
enumerate (bool)
Determines if the domain can be enumerated. This parameter can have one of the following values:
TRUE = Users and groups are enumerated
FALSE = No enumerations for this domain
Default: FALSE
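As an added example that is not part of the original page or of CloudLinux's tooling, the following POSIX shell script performs the check described above and prepares the fix: it distinguishes a user that only resolves through getpwnam() (getent passwd NAME) from one that is also enumerated (getent passwd with no key, which walks getpwent() like pwd.getpwall() does), and rewrites every [domain/...] section of an sssd.conf file so that enumerate = true, whether the option was absent or set to false. The user name, the config path and the constructed sssd.conf used to exercise it are assumptions for illustration; the script writes a patched copy next to the original rather than replacing /etc/sssd/sssd.conf in place.

```shell
#!/bin/sh
# Added example (not from the CloudLinux page): diagnose why cagefsctl cannot
# see an LDAP/SSSD user and produce an sssd.conf with enumeration enabled.
set -eu

# Succeeds only if NAME appears in a full enumeration of the passwd database.
# 'getent passwd' with no key uses getpwent(), the same walk that
# pwd.getpwall() and cagefsctl rely on; 'getent passwd NAME' uses getpwnam()
# and succeeds even when enumerate = false.
user_is_enumerated() {
    getent passwd | awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# Print FILE with "enumerate = true" set in every [domain/...] section:
# an existing enumerate line is replaced, a missing one is appended to the
# section. Other sections ([sssd], [nss], [pam], ...) are left untouched.
enable_enumeration() {
    awk '
        # Called when a section ends: add the option if the domain lacked it.
        function flush_section() {
            if (in_domain && !seen) print "enumerate = true"
            seen = 0
        }
        /^[ \t]*\[/ {                       # any section header
            flush_section()
            in_domain = ($0 ~ "^[ \t]*\\[domain/")
            print; next
        }
        in_domain && /^[ \t]*enumerate[ \t]*=/ {
            print "enumerate = true"; seen = 1; next
        }
        { print }
        END { flush_section() }
    ' "$1"
}

# Workflow for one user: report the state and, if needed, write a patched
# copy of the config (hypothetical path: CONF.enumerate) for review.
# Returns 0 = already enumerated, 1 = fix prepared, 2 = user unknown to NSS.
cagefs_ldap_check() {
    user="$1"
    conf="${2:-/etc/sssd/sssd.conf}"
    if user_is_enumerated "$user"; then
        echo "$user is enumerated; cagefsctl --enable $user should work"
        return 0
    fi
    if getent passwd "$user" >/dev/null 2>&1; then
        echo "$user resolves via getpwnam() but is not enumerated;"
        echo "enumerate is probably false in $conf"
        enable_enumeration "$conf" > "$conf.enumerate"
        echo "patched copy written to $conf.enumerate; review it, install it,"
        echo "then: systemctl restart sssd && cagefsctl --enable $user"
        return 1
    fi
    echo "$user is unknown to NSS entirely; check the SSSD/LDAP setup first"
    return 2
}

# Usage: cagefs_ldap_check adam /etc/sssd/sssd.conf
```

The awk rewrite keys on section headers rather than on the enumerate line alone, so a domain that never had the option gets it appended and an [nss] or [sssd] section that happens to contain the word is not touched. Reading /etc/sssd/sssd.conf requires root, since SSSD insists on it being mode 0600.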