SSSD couldn't load the configuration database [22]: Invalid argument.

Hello all,

I want to join my linux opensuse client to my ldap domain. but i am getting the problem that my sssd.service cannot start. i have looked in my journalctl and it says

May 05 13:51:15 linux-mn7g systemd[1]: Starting System Security Services Daemon…
May 05 13:51:15 linux-mn7g sssd[15839]: SSSD couldn’t load the configuration database [22]: Invalid argument.
May 05 13:51:15 linux-mn7g systemd[1]: sssd.service: Control process exited, code=exited status=4
May 05 13:51:15 linux-mn7g systemd[1]: Failed to start System Security Services Daemon.
May 05 13:51:15 linux-mn7g systemd[1]: sssd.service: Unit entered failed state.
May 05 13:51:15 linux-mn7g systemd[1]: sssd.service: Failed with result ‘exit-code’.

how can I fix this?

I have searched everything on google but that sadly didn’t work. Please help me out.


Before anything else,
You should post whatever reference or guide you’re following.
A good starting point is the openSUSE LDAP documentation

Most of the time,
This error means that your Domain configuration isn’t configured properly.

Before anything else,
Make sure that the User account already exists, in the Windows AD world supposedly it’s possible to create a User on the fly when adding a machine, but I’ve never found that to be reliable.

First thing to try…
If you’re manually modifying text files,
Domains can be described a number of ways. Do not define as “User@Domain.suffix” – Define as “User/Domain”
As suggested in the following

As described in the following RHEL bug report,
run “sssd config-check” to verify your config is bug-free.
You should be able to do this no matter whether you use YaST or manually edit config files.


The configuration database referenced could be the daemon configuration database itself (/var/lib/sss/db/config.ldb) or the/a domain database (/var/lib/sss/db/cache_<SSSD_DOMAIN_NAME>.ldb). The first happens rarely, the daemon reads the sssd.conf file and writes it to this db on startup, and the second usually happens when you switch between id mapping and non-id mapping modes for the daemon or have a mis-configured sssd.conf file.

Shut down the daemon and delete one or all of the *.ldb files in the /var/lib/sss/db/ directory and restart the daemon. Let me know what happens.

Deleting any or all of the cache files on a busy server in large environments would not be the first attempt at resolution normally, but it sounds like you are just getting started with the daemon, so, meh.

If you still have issues after deleting the cache files post your sssd.conf and your nsswitch.conf and we’ll go from there.

Hope it helps,

– lawrence

How do you configure your ldap client?

My experience is to configure ldap client with User Logon Management instead of LDAP and Kerberos Client through YaST.

But I’m connecting to OpenLDAP server.

This is considered a thread hijack I think :slight_smile: . If the conversation continues it would likely be best for you to start another thread with a subject line that describes the query better.

The YaST User Logon Module is still how you would access an openLDAP back end, using the SSSD LDAP providers. Provide the same configuration information you would to configure the pam_ldap and/or pam_krb5 modules (as is still done via the LDAP and Kerberos Client through YaST). This will configure the NSCD as opposed to the SSSD.

You cannot run them both of course and I prefer the SSSD myself :slight_smile: .

– lawrence