<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">I am having trouble getting sssd to work properly with LDAP. I am using kerberos for passwords and LDAP for identification. I have everything working on Ubuntu and CENTOS5 clients
not using SSSD so I know it works. <br>
<br>
Kerberos works just fine and I can get a ticket. LDAP returns nothing, debug logs aren't helping me. I have included a copy of my config file. We are not using certs on ldap and it shouldn't be required since I am using kerberos for authentication.<a fdsbl="0" _tbb="1" class="tba" id="send" name="lnkB" href="?ae=Item&a=New&t=IPM.Note&cc=MTQuMS4yNzAuMSxlbi1VUywyLEhUTUwsMCww&pspid=_1306849533209_548591319#"><span class="tbLh tbBefore tbAfter"><br>
</span></a><br>
Thanks,<br>
Ethan<br>
<br>
[sssd]<br>
config_file_version = 2<br>
reconnection_retries = 3<br>
sbus_timeout = 30<br>
services = nss, pam<br>
domains = default<br>
<br>
[nss]<br>
filter_groups = root<br>
filter_users = root, nimda<br>
reconnection_retries = 3<br>
<br>
[pam]<br>
reconnection_retries = 3<br>
<br>
[domain/default]<br>
auth_provider = krb5<br>
krb5_kpasswd = dc1.example.com,dc2.example.com,dc3.example.com<br>
krb5_kdcip = dc1.example.com,dc2.example.com,dc3.example.com<br>
krb5_realm = example.com<br>
krb5_server = dc1.example.com,dc2.example.com,dc3.example.com<br>
chpass_provider = krb5<br>
cache_credentials = True<br>
<br>
id_provider = ldap<br>
ldap_id_use_start_tls = False<br>
ldap_user_uid_number = msSFU30UidNumber<br>
ldap_user_gid_number = msSFU30GidNumber<br>
ldap_user_principal = userPrincipalName<br>
ldap_force_upper_case_realm = False<br>
ldap_group_gid_number = msSFU30GidNumber<br>
ldap_uri = ldap://dc1.example.com,ldap://dc2.example.com,ldap://dc3.example.com<br>
ldap_user_home_directory = msSFU30HomeDirectory<br>
ldap_user_object_class = person<br>
ldap_group_object_class = group<br>
ldap_group_name = msSFU30Name<br>
ldap_user_name = msSFU30Name<br>
ldap_search_base = dc=example,dc=com<br>
ldap_default_authtok_type = password<br>
ldap_default_bind_dn = cn="Linux LDAP",ou=IT,dc=example,dc=com<br>
ldap_user_shell = msSFU30LoginShell<br>
ldap_default_authtok = PASSWORD_GOES_HERE<br>
ldap_tls_cacertdir = /etc/openldap/cacerts<br>
min_id = 10000<br>
max_id = 999999<br>
enumerate = True<br>
ldap_pwd_policy = none<br>
ldap_search = dc=example,dc=com<br>
ldap_schema = rfc2307bis<br>
debug_level = 9<br>
</div>
<div id="qsdtag"><br>
<br>
<p><strong>Join us at the Mobile Event of the Year<br>
<br>
Syclo Mobile Conference 2011 | Chicago Mart Plaza | July 13-15<br>
</strong><br>
<a href="http://www.syclo.com/smc2011" target="_blank"><strong>www.syclo.com/smc2011</strong></a><br>
<br>
<br>
<br>
<br>
</p>
<p>Copyright © 2011. All rights reserved. No portion of this material may be copied, transmitted, or stored via any electronic media without the express written permission of Syclo, LLC. This message is intended exclusively for the individual or entity to which
it is addressed and may contain information that is PROPRIETARY, CONFIDENTIAL, PRIVILEGED, ATTORNEY WORK PRODUCT or otherwise legally exempt from disclosure. If you are not the named or intended recipient, you are not authorized to read, print, retain, copy,
disclose, distribute, use or take any action with regard to this message or any part of it. If you have received this message in error please notify the sender immediately by e-mail and delete all copies of the message. Unless expressly stated in this email,
nothing in this message should be construed as a digital or electronic signature.
</p>
<p>Syclo LLC. Headquarters<br>
1721 Moon Lake Blvd, STE 300, Hoffman Estates, IL 60169</p>
<p>Syclo International Limited is registered in England.<br>
Company Number: 05803809<br>
Registered Address: Clock House, 140 London Road, Guildford, GU1 1UW</p>
</div>
</body>
</html>