On Tue, Feb 7, 2012 at 5:38 PM, Stephen Gallagher sgallagh@redhat.comwrote:
On Tue, 2012-02-07 at 17:28 +0100, Marco Pizzoli wrote:
According to that, your LDAP server doesn't support any authentication except GSSAPI (probably Kerberos). Obviously ldapsearch still works, so it looks to me like the LDAP server isn't properly reporting what it reports. Please open a bug. SSSD should be assuming that we always support SIMPLE.
Done. https://fedorahosted.org/sssd/ticket/1180
Please, could you tell me if this problem will be targeted for 1.7.x or 1.8 release?
Actually, on further investigation, this shouldn't be an issue. Can you confirm that you are NOT setting ldap_sasl_mech in your sssd.conf? It's not listed in your first email, but did you maybe leave it out?
It seems you found my fault :-( I surely overlooked the meaning of the word "none" on the man page. This is it: ldap_sasl_mech = none
The code that checks for this should be skipped if ldap_sasl_mech is unset.
Would you mind checking your startup logs at level 6 to see what value is being reported for ldap_sasl_mech?
Done. As already reported: ldap_sasl_mech = none
I commented that directive, restarted sssd and now I see it working and obtaining my groups from the LDAP server. I still don't see my users and groups, but this is another story.
Thanks a lot and apologize for the noise. Marco