Re: sssd and ldap config

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Stephen Gallagher wrote:
> Michael, please post your [sanitized] sssd.conf somewhere. Right now, my
> best guess would be that you are using LDAPS or LDAP+TLS and are having
> a certificate error.

Yes, I don't have a CA cert, so it will not pass a cert test. I have 
"tls_checkpeer no" in my /etc/ldap.conf. Is there something similar for 
sssd? I could not find it in the man pages.

[domain/default]
auth_provider = ldap
cache_credentials = True
ldap_search_base = dc=domain,dc=com
krb5_realm = EXAMPLE.COM
chpass_provider = ldap
id_provider = ldap
ldap_id_use_start_tls = True
debug_level = 0
min_id = 1000
ldap_uri = ldap://intranet.domain.com/
krb5_kdcip = kerberos.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts

>
> My second-best guess is that your users' UID or primary GID is<  1000,
> which is ignored by SSSD by default. (We've decided upstream that we're
> going to change this default to 1, as so many people have hit it).

I do have a few > 500 and < 1000 users, but I tested against UIDs of > 
1000 and getent failed for them as well.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux