I am having trouble getting sssd to work properly with LDAP. I am using Kerberos for passwords and LDAP for identification. I have everything working on Ubuntu and CentOS 5 clients not using SSSD, so I know it works.
Kerberos works just fine and I can get a ticket. LDAP returns nothing, debug logs aren't helping me. I have included a copy of my config file. We are not using certs on ldap and it shouldn't be required since I am using kerberos for authentication.

Thanks,
Ethan

[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default

[nss]
filter_groups = root
filter_users = root, nimda
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/default]
auth_provider = krb5
krb5_kpasswd = dc1.example.com,dc2.example.com,dc3.example.com
krb5_kdcip = dc1.example.com,dc2.example.com,dc3.example.com
krb5_realm = example.com
krb5_server = dc1.example.com,dc2.example.com,dc3.example.com
chpass_provider = krb5
cache_credentials = True
id_provider = ldap
ldap_id_use_start_tls = False
ldap_user_uid_number = msSFU30UidNumber
ldap_user_gid_number = msSFU30GidNumber
ldap_user_principal = userPrincipalName
ldap_force_upper_case_realm = False
ldap_group_gid_number = msSFU30GidNumber
ldap_uri = ldap://dc1.example.com,ldap://dc2.example.com,ldap://dc3.example.com
ldap_user_home_directory = msSFU30HomeDirectory
ldap_user_object_class = person
ldap_group_object_class = group
ldap_group_name = msSFU30Name
ldap_user_name = msSFU30Name
ldap_search_base = dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_bind_dn = cn="Linux LDAP",ou=IT,dc=example,dc=com
ldap_user_shell = msSFU30LoginShell
ldap_default_authtok = PASSWORD_GOES_HERE
ldap_tls_cacertdir = /etc/openldap/cacerts
min_id = 10000
max_id = 999999
enumerate = True
ldap_pwd_policy = none
ldap_search = dc=example,dc=com
ldap_schema = rfc2307bis
debug_level = 9
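Added example, not part of the original message and not SSSD project code: with id_provider = ldap, plain ldap:// URIs, ldap_id_use_start_tls = False and a bind DN with a password, the identity lookups perform a simple bind whose password crosses the network unencrypted, independently of Kerberos handling user authentication. The check below flags that combination in an sssd.conf; the function name and the trimmed sample config are constructed for illustration.

```python
import configparser

# Constructed sample: the bind-related options from the posted [domain/default].
POSTED = """\
[domain/default]
id_provider = ldap
auth_provider = krb5
ldap_id_use_start_tls = False
ldap_uri = ldap://dc1.example.com,ldap://dc2.example.com,ldap://dc3.example.com
ldap_default_bind_dn = cn="Linux LDAP",ou=IT,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = PASSWORD_GOES_HERE
"""


def cleartext_bind_findings(conf_text):
    """Return [(section, [uris])] for LDAP domains whose simple-bind
    password would cross the network unencrypted."""
    # Split only on "=" so DNs and URIs containing ":" or "=" stay intact;
    # no interpolation so a "%" in a password is not treated specially.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        if dom.get("id_provider", "").strip().lower() != "ldap":
            continue
        # A simple bind happens only when a bind DN and secret are set and
        # no SASL mechanism (e.g. GSSAPI) replaces it.
        simple_bind = bool(dom.get("ldap_default_bind_dn")
                           and dom.get("ldap_default_authtok")
                           and not dom.get("ldap_sasl_mech"))
        # Assumption: an unset ldap_id_use_start_tls is treated as False;
        # the real default depends on the SSSD version.
        starttls = dom.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        uris = [u.strip() for u in dom.get("ldap_uri", "").split(",")]
        exposed = [u for u in uris if u.lower().startswith("ldap://")]
        if simple_bind and exposed and not starttls:
            findings.append((section, exposed))
    return findings


if __name__ == "__main__":
    for section, uris in cleartext_bind_findings(POSTED):
        print(f"{section}: bind password sent in cleartext to {', '.join(uris)}")
```

Switching the URIs to ldaps://, enabling StartTLS, or binding with a SASL mechanism through ldap_sasl_mech each clears the finding.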