<div dir="ltr">Hi Mantas,<div><br></div><div>Thanks for your reply.<br><div><br></div><div>"Hold on – why are you whitelisting individual users for systemd.GetMethod()? "<br></div><div><br></div><div>Sorry, I am not clear on your question. My intent is to add the user that fails to authenticate with DBUS in the previous email to the policy config file, to troubleshoot whether dbus resolves it or not. But it throws "Unknown username", so I think dbus does not know anything about this user and that leads to the authentication failure.</div><div><br></div><div>Brs,</div><div>Bao</div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 12, 2019 at 6:20 PM Mantas Mikulėnas <<a href="mailto:grawity@gmail.com">grawity@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">On Tue, Mar 12, 2019 at 1:17 PM Bao Nguyen <<a href="mailto:baondt@gmail.com" target="_blank">baondt@gmail.com</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi again,<div><br></div><div>I tried to add the LDAP user to the /etc/dbus-1/system.conf policy and then sent SIGHUP to reload the configuration and to make dbus flush its user cache, but dbus said: </div><div><br></div><div>Unknown username "ldap_demo" on element <allow><br></div><div><div>Reloaded configuration</div></div></div></div></div></div></div></div></blockquote><div><br></div><div>Hold on – why are you whitelisting individual users for systemd.GetMethod()?</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div 
dir="ltr"><div dir="ltr"><div><br></div><div>I searched the source code of dbus. It will call _dbus_get_user_id_and_primary_group, then _dbus_user_database_get_system to search for user ldap_demo in its database, but I am not clear how this database is built. Could you please help me with that? </div><div>Is there any way to make dbus aware of the new user other than restarting dbus?</div></div></div></div></div></div></div></blockquote><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>If I restart dbus, does it have any impact on the system?</div></div></div></div></div></div></div></blockquote><div><br></div><div>Yes; it closes all existing bus connections, which may cause many services to exit.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div><div>Thanks,</div><div>Brs,</div><div>Bao</div><div><br></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Mar 8, 2019 at 5:54 PM Lennart Poettering <<a href="mailto:lennart@poettering.net" target="_blank">lennart@poettering.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Fr, 08.03.19 11:59, Mantas Mikulėnas (<a href="mailto:grawity@gmail.com" target="_blank">grawity@gmail.com</a>) wrote:<br>
<br>
> > dbus policy can only reference users that are available locally at any<br>
> > time, i.e. generally system users, not human users.<br>
> ><br>
> ><br>
> Hmm, but in this case, the client seems to be completely refused access to<br>
> the bus – not just blocked by policy from sending some message. The system<br>
> bus normally allows any user to connect (I mean, I have no problems<br>
> accessing it from an LDAP account), so I'm not sure why the bus config<br>
> should matter at this point.<br>
<br>
At this point this is probably something to move to the dbus list... I<br>
don't remember how precisely dbus-daemon authenticates stuff, I just<br>
have a rough idea.<br>
<br>
Lennart<br>
<br>
--<br>
Lennart Poettering, Red Hat<br>
</blockquote></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail-m_-7864373465170058737gmail_signature"><div dir="ltr">Mantas Mikulėnas</div></div></div>
</blockquote></div>
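Added example, not part of the original thread or of dbus: a check to run before reloading the bus configuration that lists every user or group named in a policy file that does not resolve on the host, which is the condition behind the "Unknown username" error quoted above. It assumes dbus-daemon resolves names through the standard passwd/group lookups (getpwnam/getgrnam); the group ldap_staff and the name org.example.Demo in the sample policy are constructed.

```python
import grp
import pwd
import xml.etree.ElementTree as ET

# Constructed sample policy, modelled on the <allow> rule from the thread.
SAMPLE_POLICY = """<busconfig>
  <policy context="default">
    <allow user="*"/>
  </policy>
  <policy user="root">
    <allow own="org.example.Demo"/>
  </policy>
  <policy context="default">
    <allow user="ldap_demo"/>
    <deny group="ldap_staff"/>
  </policy>
</busconfig>"""


def _in_passwd(name):
    """True if the name resolves through the system passwd lookup (NSS)."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False


def _in_group(name):
    """True if the name resolves through the system group lookup (NSS)."""
    try:
        grp.getgrnam(name)
        return True
    except KeyError:
        return False


def unresolved_principals(policy_xml, user_exists=_in_passwd, group_exists=_in_group):
    """Return (element, attribute, name) for each policy principal that does not resolve."""
    checks = {"user": user_exists, "group": group_exists}
    missing = []
    for elem in ET.fromstring(policy_xml).iter():
        if elem.tag not in ("policy", "allow", "deny"):
            continue
        for attr, exists in checks.items():
            name = elem.get(attr)
            # "*" is the wildcard; numeric IDs are skipped (assumption: no name lookup needed).
            if name is None or name == "*" or name.isdigit():
                continue
            if not exists(name):
                missing.append((elem.tag, attr, name))
    return missing
```

Calling `unresolved_principals(open("/etc/dbus-1/system.conf").read())` as the same account and in the same environment as the bus daemon shows which entries would be rejected at reload time.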