Re: Fedora 14: GDM, sssd and LDAP authentication

On 11/10/2010 07:40 AM, fedora wrote:
> Hi
> 
> The following sssd.conf and pam.d/gdm and pam.d/gdm-password work here 
> on Fedora 13.
> With quite a bit of debugging I found out that for sssd you have to 
> specify all bases in the sssd.conf.
> I have not been able to make sssd run with TLS.
> 

You should not have to set the separate bases at all, as long as they
are subtrees of the primary search base. If ldap_user_search_base is not
specified, it defaults to being the same as ldap_search_base.

There was some confusion about that in the past, where it looked more
like ldap_user_search_base was mandatory. We've cleaned up the
documentation to make that hopefully more clear.

I'm not sure what you mean by "I have not been able to make sssd run
with TLS". Given the ldap:// URI you specified, SSSD will always be
using TLS for the authentication. Because you set ldap_tls_reqcert =
never, it's just not validating the server against a CA cert. To do
that, you would need to set ldap_tls_cacert = /path/to/ca.crt

If you mean that it's not using TLS for identity lookups, this is
enabled by 'ldap_id_use_start_tls = True'.

-- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
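
An added example, not part of the original message and not SSSD's own code: a small Python check that reads an sssd.conf and reports the settings discussed in the reply above (ldap_tls_reqcert = never, a missing ldap_tls_cacert, an ldap:// URI without ldap_id_use_start_tls, and separate search bases that are subtrees of ldap_search_base). The sample config, host name, DNs and finding codes are constructed for illustration.

```python
import configparser

# Constructed sample resembling the setup discussed in the thread; the host
# name and DNs are placeholders, not values from the original poster.
SAMPLE = """\
[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com
ldap_user_search_base = ou=People,dc=example,dc=com
ldap_tls_reqcert = never
"""

def is_subtree(dn, base):
    # Naive DN comparison: splits on commas, ignores escaped commas.
    split = lambda s: [p.strip().lower() for p in s.split(",") if p.strip()]
    d, b = split(dn), split(base)
    return bool(b) and len(d) >= len(b) and d[-len(b):] == b

def audit(text):
    """Return sorted (section, code) findings for each [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        d = cp[name]
        # 'never' means the server certificate is not checked against a CA.
        if d.get("ldap_tls_reqcert", "").strip().lower() == "never":
            findings.append((name, "cert-not-validated"))
        if not d.get("ldap_tls_cacert", "").strip():
            findings.append((name, "no-cacert-in-file"))
        # Assumption: an unset ldap_id_use_start_tls is treated as off.
        uris = [u.strip().lower() for u in d.get("ldap_uri", "").split(",")]
        plain = any(u.startswith("ldap://") for u in uris)
        if plain and not d.getboolean("ldap_id_use_start_tls", fallback=False):
            findings.append((name, "id-lookups-without-starttls"))
        # Separate bases below ldap_search_base are optional per the reply.
        base = d.get("ldap_search_base", "")
        for key in ("ldap_user_search_base", "ldap_group_search_base"):
            if key in d and is_subtree(d[key], base):
                findings.append((name, "optional-" + key))
    return sorted(findings)

if __name__ == "__main__":
    for section, code in audit(SAMPLE):
        print(section, code)
```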
