Jan 27 17:46:27 s2r5node66 sssd[3382]: ldb: unable to open modules directory '/usr/lib/x86_64-linux-gnu/ldb/modules/ldb'
Jan 27 17:46:25 s2r5node66 systemd[1]: Starting System Security Services Daemon...
Jan 27 17:46:25 s2r5node66 systemd[1]: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
Jan 27 17:46:25 s2r5node66 systemd[1]: sssd.service: Failed with result 'exit-code'.
Jan 27 17:46:25 s2r5node66 systemd[1]: Failed to start System Security Services Daemon.
1) # aa-enforce usr.sbin.sssd (default)
journal contains:
Jan 27 17:46:27 s2r5node66 sssd[3382]: ldb: unable to open modules directory '/usr/lib/ x86_64- linux-gnu/ ldb/modules/ ldb' 4/NOPERMISSION
Jan 27 17:46:25 s2r5node66 systemd[1]: Starting System Security Services Daemon...
Jan 27 17:46:25 s2r5node66 systemd[1]: sssd.service: Main process exited, code=exited, status=
Jan 27 17:46:25 s2r5node66 systemd[1]: sssd.service: Failed with result 'exit-code'.
Jan 27 17:46:25 s2r5node66 systemd[1]: Failed to start System Security Services Daemon.
2) # aa-complain usr.sbin.sssd; systemctl restart sssd
Jan 27 17:50:07 s2r5node66 audit[10294]: AVC apparmor="ALLOWED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile= "/usr/sbin/ sssd" name="usr/ lib/x86_ 64-linux- gnu/ldb/ modules/ ldb" pid=10294 comm="sssd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
3) modify /etc/apparmor/ usr.sbin. sssd
/usr/sbin/sssd flags=( complain, attach_ disconnected) {
# aa-enforce usr.sbin.sssd
/usr/sbin/sssd flags=( attach_ disconnected) {
# systemctl restart sssd
● sssd.service - System Security Services Daemon system/ sssd.service; enabled; vendor preset: enabled)
Loaded: loaded (/lib/systemd/
Active: active (running) since Wed 2021-01-27 17:53:06 UTC; 7s ago
and ssh works again.